Lucene search
K

2679 matches found

Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.11 views

PT-2026-35206

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...

7.5CVSS7AI score0.00278EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/23 9:22 a.m.260 views

Command-Injection

📄 Write-up : Command Injection - Filter Bypass Root-Me Challe...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 1:22 a.m.12 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS6.1AI score0.01327EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.6 views

EUVD-2026-24503

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS5.5AI score0.01181EPSS
Exploits0References5
NVD
NVD
added 2026/04/21 5:16 p.m.4 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS0.01327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-34192

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS5.5AI score0.01181EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.5 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.01327EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...

7.3CVSS5.8AI score0.01327EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

Comfast CF-N1-S 注入漏洞

The Comfast CF-N1-S is a wireless network adapter device developed by Comfast Corporation. Version 2.6.0.1 of the Comfast CF-N1-S contains a vulnerability caused by incorrect handling of the Endpoint component parameter “destination” in the file /cgi-bin/mbox-config?method=SET§ion=pingconfig. Thi...

6.5CVSS6.6AI score0.01181EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34016

🚨CVE CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do ping action function via the hostName parameter. This vulnerability allow… https://t.co/tKrNtNWoPC ----- Traducción: Se encontró que CV… https://t.co/utmtNgl3sv...

7.3CVSS5.2AI score0.01327EPSS
Exploits1References4
CNVD
CNVD
added 2026/04/16 12:0 a.m.7 views

D-Link DI-8003 and DI-8003G Buffer Overflow Vulnerability

The D-Link DI-8003 and DI-8003G are both wireless routers from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003 and DI-8003G. The vulnerability is caused due to incorrect boundary checking in the wanping.asp script and can be exploited by an attacker to cause a...

7.5CVSS6AI score0.00412EPSS
Exploits0
OSV
OSV
added 2026/04/14 10:31 p.m.4 views

GHSA-5HVV-M4W4-GF6V OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...

9.1CVSS5.9AI score0.00475EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.3 views

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

7.5CVSS6AI score0.00412EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.92 views

📄 D-Link DIR-650IN Command Injection

Proof of concept details for an authenticated command injection vulnerability in D-Link DIR-650IN. Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link:...

5.8AI score
Exploits0
Exploit DB
Exploit DB
added 2026/04/10 12:0 a.m.125 views

D-Link DIR-650IN - Authenticated Command Injection

Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09 Version: Firmware V1.04 REQUIRED Tested on:...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/08 9:33 p.m.9 views

EUVD-2025-209359

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

6.2AI score0.00412EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 7:24 p.m.6 views

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

7.5CVSS0.00412EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 12:30 a.m.5 views

EUVD-2025-209288

An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...

9.1CVSS5.9AI score0.00237EPSS
Exploits0References3
Rows per page
Query Builder