CVE-2026-0781

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVE-2026-1327 Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVE-2026-1327

CVE-2026-1327 affects Totolink NR1800X with version 9.1.0u.6279_B20210910. The vulnerability is in the POST Request Handler’s function setTracerouteCfg in /cgi-bin/cstecgi.cgi, where argument manipulation leads to a command injection. It is described as exploitable remotely and the exploit has be...

CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVE-2026-1326

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVE-2026-1326

Totolink NR1800X (firmware 9.1.0u.6279_B20210910) is affected by CVE-2026-1326. The vulnerability exists in the POST Request Handler’s /cgi-bin/cstecgi.cgi function setWanCfg, where manipulating the Hostname argument can trigger a command injection. The issue can be exploited remotely and the exp...

CVE-2026-1324

Summary: CVE-2026-1324 affects Sangfor Operation and Maintenance Management System (

VulnCheck KEV: CVE-2025-8829

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...

PT-2026-3932

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...

PT-2026-3938

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279 B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

VulnCheck KEV: CVE-2025-7407

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

PT-2026-3936

A weakness has been identified in Totolink NR1800X 9.1.0u.6279 B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

CVE-2026-1192

A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imodealldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploi...

CVE-2026-1150

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

MiracleLinux 9 : cups-2.3.3op2-31.el9 (AXSA:2024-9124:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9124:11 advisory. cups: libppd: remote command injection via attacker controlled data in PPD file Tenable has extracted the preceding description block directly from the...