CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

📄 Shenzhen Aitemi M300 Wi-Fi Repeater Remote Code Execution

Shenzhen Aitemi M300 Wi-Fi Repeater unauthenticated proof of concept remote code execution exploit that leverages the time parameter in protocol.csp. ============================================================================================================================================= | Tit...

FLIR Systems AX8 Cameras Command Injection (CVE-2025-5126)

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

FLIR Systems AX8 Cameras Command Injection (CVE-2025-5695)

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribetospot/subscribetodelta/subscribetoalarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch...

FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

PT-2026-20559

Name of the Vulnerable Software and Affected Versions SECCN Dingcheng G10 version 3.1.0.181203 Description A security issue has been identified in SECCN Dingcheng G10 version 3.1.0.181203. The qq function within the /cgi-bin/session login.cgi file is susceptible to operating system command...

CVE-2026-2670

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

📄 motionEye 0.43.1b4 Remote Command Injection

A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-2629 jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2615 Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2529

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist results in command injection. The attack can be executed remotely. The vendor was contacted ear...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...