38 matches found
CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...
CVE-2026-7103
Code-projects Chat System 1.0 is affected by CVE-2026-7103. The flaw is in the MD5 Hash Handler, specifically the update_user.php file, where manipulating the Password argument can cause the system to use a weak hash. It is described as remotely exploitable with high attack complexity and difficu...
SUSE CVE-2026-27626
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
GO-2026-4547 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin
OliveTin: OS Command Injection via password argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin...
EUVD-2026-8600
OliveTin: OS Command Injection via password argument type and webhook JSON extraction bypasses shell safety checks...
OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
Summary: OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell metacharacters that execute arbitrary OS commands. A second independent vector allows unauthenticated RCE via...
CVE-2026-27626
A flaw was found in OliveTin. This vulnerability allows an authenticated user to inject shell metacharacters through password-typed arguments, leading to arbitrary operating system command execution. Additionally, an unauthenticated attacker can achieve Remote Code Execution (RCE) by sending...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the password argument type and webhook JSON extraction bypassing shell safety checks. An attacker can execute arbitrary operating system commands by supplying crafted input to the password argument or by sending...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the password argument type and webhook JSON extraction bypassing shell safety checks. An attacker can execute arbitrary operating system commands by supplying crafted input to the password argument or by sending...
CVE-2026-27626
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
CVE-2026-27626
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
PT-2026-21844
Name of the Vulnerable Software and Affected Versions: OliveTin versions up to and including 3000.10.0. Description: OliveTin, a tool designed to simplify shell command execution, has flaws in its shell command execution mechanism. The checkShellArgumentSafety function does not block the password...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
PT-2025-47013
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 2 06 b09 beta. Description: A stack-based buffer overflow exists in the authenticationcgi main function within the /authentication.cgi file of the D-Link DIR-816L. Manipulation of the Password argument allows for remote...
CVE-2025-11527 Tenda AC7 fast_setting_pppoe_set stack-based overflow
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...
CVE-2025-11527 Tenda AC7 fast_setting_pppoe_set stack-based overflow
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...
CVE-2025-11527
CVE-2025-11527 concerns the Tenda AC7 router (version 15.03.06.44). A vulnerability in the file /goform/fast_setting_pppoe_set allows manipulation of the Password parameter to trigger a stack-based overflow in a function whose exact name is not disclosed in the documents. The issue is exploitable...
EUVD-2025-32705
A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may ...