CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/30 5:16 p.m.•4 views

CVE-2026-1690

A flaw has been found in Tenda HG10 USHG7HG9HG10re300001138enxpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used...

5.8CVSS0.03857EPSS

CVE•added 2026/01/30 4:32 p.m.•13 views

CVE-2026-1690

CVE-2026-1690 affects Tenda HG10 family devices (HG10/HG7/HG9/HG10re_300001138_en_xpon). The flaw resides in the /boaform/formSysCmd handler, where manipulation of the sysCmd argument enables command injection. Attacks may be initiated remotely over the network; exploitation has been published an...

5.8CVSS5.7AI score0.03857EPSS

Exploits1References6Affected Software1

Cvelist•added 2026/01/30 4:32 p.m.•30 views

CVE-2026-1690 Tenda HG10 formSysCmd system command injection

5.8CVSS0.03857EPSS

ATTACKERKB•added 2026/01/30 4:32 p.m.•3 views

CVE-2026-1689

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS5.7AI score0.02537EPSS

CVE•added 2026/01/30 4:32 p.m.•14 views

CVE-2026-1689

CVE-2026-1689 affects Tenda HG10 series (HG10re_300001138_en_xpon) where the vulnerability lies in the Login Interface function checkUserFromLanOrWan in the file /boaform/admin/formLogin . Manipulating the argument Host yields a command injection vulnerability that can be exploited remotely. Mult...

7.5CVSS7AI score0.02537EPSS

Exploits1References6Affected Software1

EUVD•added 2026/01/30 4:32 p.m.•6 views

EUVD-2026-5020

7.5CVSS5.7AI score0.02537EPSS

ATTACKERKB•added 2026/01/30 4:2 p.m.•5 views

CVE-2026-1687

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS5.7AI score0.026EPSS

RedhatCVE•added 2026/01/30 3:24 a.m.•8 views

CVE-2026-1547

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

9.8CVSS5.7AI score0.02769EPSS

RedhatCVE•added 2026/01/30 3:24 a.m.•7 views

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

8.8CVSS5.7AI score0.03348EPSS

RedhatCVE•added 2026/01/30 3:24 a.m.•9 views

CVE-2026-1548

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used...

8.8CVSS5.7AI score0.031EPSS

EUVD•added 2026/01/30 12:31 a.m.•8 views

EUVD-2026-4939

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS5.7AI score0.02568EPSS

Exploits0References6

Positive Technologies•added 2026/01/30 12:0 a.m.•7 views

PT-2026-5469

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.5AI score0.02255EPSS

Positive Technologies•added 2026/01/30 12:0 a.m.•9 views

PT-2026-5423

A weakness has been identified in Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS6.9AI score0.026EPSS

Exploits1References7

Cvelist•added 2026/01/29 11:32 p.m.•33 views

CVE-2026-1638 Tenda AC21 mDMZSetCfg command injection

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

6.5CVSS0.02027EPSS

ATTACKERKB•added 2026/01/29 11:32 p.m.•6 views

CVE-2026-1638

6.5CVSS5.7AI score0.02027EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/29 10:15 p.m.•3 views

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

8.8CVSS5.7AI score0.02568EPSS

NVD•added 2026/01/29 10:15 p.m.•8 views

CVE-2026-1624

8.8CVSS0.02568EPSS

OSV•added 2026/01/29 10:15 p.m.•4 views

CVE-2026-1624

8.8CVSS5.6AI score