CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

CVE-2026-9385

Totolink A8000RU Web Management (cgi-bin/cstecgi.cgi: setTracerouteCfg) is vulnerable to os command injection due to argument manipulation. Affects version 7.1cu.643_b20200521; vulnerability is remotely exploitable and exploit publicly disclosed. Public details indicate high impact on confidentia...

CVE-2026-9384 Totolink A8000RU Web Management cstecgi.cgi setDiagnosisCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

EUVD-2026-31594

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

CVE-2026-9367 NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection

A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detectdangerouscommand of the file tools/approval.py of the component terminaltool. This manipulation causes os command injection. It is possible to initiate the...

CVE-2026-9367

CVE-2026-9367 affects NousResearch hermes-agent (component: terminal_tool, file: tools/approval.py, function: detect_dangerous_command). The issue enables an OS command injection due to a manipulation in detect_dangerous_command, with a remote attack possible. Public exploit information is report...

ROS-20260524-73-0028

Vulnerability in vim related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the resetFlags parameter in the function...

Hermes Agent 操作系统命令注入漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 5157f5427f19488b31c6fdebbacd15d798ce7f63 and earlier versions have a vulnerability related to operating system command injection. This vulnerability stems from improper...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “ip” in the function...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the mode parameter in the setScheduleCfg functi...

Malicious code in dds-js-idl-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...

Moderate Photon OS Security Update - PHSA-2026-4.0-1024

Updates of 'gnutls' packages of Photon OS have been released...

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVE-2026-34911

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...

EUVD-2026-31383

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

EUVD-2026-31382

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...