413 matches found
PT-2026-35417
A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...
PT-2026-35268
Name of the Vulnerable Software and Affected Versions Toowiredd chatgpt-mcp-server versions prior to 0.1.1 Description An OS command injection flaw exists in the MCP/HTTP component within the src/services/docker.service.ts file. This allows remote attackers to execute arbitrary operating system...
ChatGPT MCP Server 命令注入漏洞
The ChatGPT MCP Server is a MCP server managed through natural language by Toowiredd’s individual developer. Versions of the ChatGPT MCP Server 0.1.0 and earlier had a command injection vulnerability, which stemmed from the os command injection present in the src/services/docker.service.ts file...
PT-2026-35271
A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...
Emissary 安全漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary 8.42.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Executrix.getCommand function, which inserted temporary file paths into shell...
CVE-2026-35072
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains an OS command injection vulnerability due to improper neutralization of special elements in commands. A high-privilege local attacker could potentially execute arbitrary command...
Dell PowerProtect Data Domain 安全漏洞
Dell PowerProtect Data Domain is a data protection and deduplication storage appliance. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize a specific element used for OS command injection, whic...
Exploit for CVE-2026-40176
CVE-2026-40176: Composer Perforce OS Command Injection PoC...
CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...
Chamilo LMS 操作系统命令注入漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a vulnerability related to operating system command...
MaxKB 操作系统命令注入漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...
CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-6154
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...
CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection
A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...
Pandora FMS 安全漏洞
Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in versions of Pandora FMS 800 and earlier. These vulnerabilities stem from t...
CVE-2026-6130 chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...
EUVD-2026-21319
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...
CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
EUVD-2026-21272
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...
CVE-2026-5993 Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...