Lucene search
K

413 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.5 views

PT-2026-35417

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...

10CVSS8.2AI score0.01766EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.16 views

PT-2026-35268

Name of the Vulnerable Software and Affected Versions Toowiredd chatgpt-mcp-server versions prior to 0.1.1 Description An OS command injection flaw exists in the MCP/HTTP component within the src/services/docker.service.ts file. This allows remote attackers to execute arbitrary operating system...

7.5CVSS7.4AI score0.01353EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

ChatGPT MCP Server 命令注入漏洞

The ChatGPT MCP Server is a MCP server managed through natural language by Toowiredd’s individual developer. Versions of the ChatGPT MCP Server 0.1.0 and earlier had a command injection vulnerability, which stemmed from the os command injection present in the src/services/docker.service.ts file...

7.5CVSS7.1AI score0.01353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.12 views

PT-2026-35271

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published...

7.5CVSS7AI score0.01707EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.8 views

Emissary 安全漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary 8.42.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Executrix.getCommand function, which inserted temporary file paths into shell...

8.8CVSS5.8AI score0.00861EPSS
Exploits1References2
CVE
CVE
added 2026/04/17 10:48 a.m.14 views

CVE-2026-35072

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains an OS command injection vulnerability due to improper neutralization of special elements in commands. A high-privilege local attacker could potentially execute arbitrary command...

6.7CVSS6AI score0.00571EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

Dell PowerProtect Data Domain 安全漏洞

Dell PowerProtect Data Domain is a data protection and deduplication storage appliance. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize a specific element used for OS command injection, whic...

6.7CVSS6.1AI score0.00571EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/16 4:29 a.m.129 views

Exploit for CVE-2026-40176

CVE-2026-40176: Composer Perforce OS Command Injection PoC...

7.8CVSS6.5AI score0.01065EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/04/14 9:33 p.m.5 views

CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

8.8CVSS6.2AI score0.0176EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Chamilo LMS 操作系统命令注入漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a vulnerability related to operating system command...

8.8CVSS6.1AI score0.0176EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

MaxKB 操作系统命令注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 5:30 p.m.5 views

CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

10CVSS5.6AI score0.14277EPSS
Exploits0References5
NVD
NVD
added 2026/04/13 4:16 a.m.6 views

CVE-2026-6154

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

10CVSS0.01823EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/13 12:30 a.m.29 views

CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

10CVSS0.02199EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Pandora FMS 安全漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in versions of Pandora FMS 800 and earlier. These vulnerabilities stem from t...

7.5CVSS5.8AI score0.01074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/12 10:0 p.m.3 views

CVE-2026-6130 chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS5.5AI score0.01368EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 9:31 a.m.5 views

EUVD-2026-21319

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...

10CVSS7AI score0.02499EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/10 6:30 a.m.3 views

CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...

10CVSS7AI score0.02981EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 12:45 a.m.4 views

EUVD-2026-21272

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...

10CVSS6.9AI score0.01823EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/10 12:15 a.m.3 views

CVE-2026-5993 Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...

10CVSS7.1AI score0.01803EPSS
Exploits0References5
Rows per page
Query Builder