CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3861 matches found

Cvelist•added 2026/01/06 9:32 p.m.•82 views

CVE-2025-15471 TRENDnet TEW-713RE formFSrvX os command injection

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The...

10CVSS0.12113EPSS

Exploits1References4

Vulnrichment•added 2026/01/06 7:2 p.m.•4 views

CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.7AI score0.0236EPSS

Exploits1References6

Cvelist•added 2026/01/06 3:52 p.m.•18 views

CVE-2020-36910 Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...

8.8CVSS0.01277EPSS

Exploits1References7

CVE•added 2026/01/06 3:52 p.m.•10 views

CVE-2020-36910

Summary: CVE-2020-36910 affects Cayin Signage Media Player 3.0. An authenticated remote command injection exists in the system.cgi and wizard_system.cgi pages, exploitable via the NTP_Server_IP parameter with default credentials to run arbitrary shell commands as root. The vulnerability has a hig...

8.8CVSS7.9AI score0.01277EPSS

Exploits1References7

RedhatCVE•added 2026/01/06 8:5 a.m.•12 views

CVE-2026-0581

A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can b...

6.5CVSS7.1AI score0.08247EPSS

Exploits1References1

Positive Technologies•added 2026/01/06 12:0 a.m.•8 views

PT-2026-1521

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE version 1.02 Description A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...

10CVSS9.6AI score0.12113EPSS

Exploits1References18

Positive Technologies•added 2026/01/05 12:0 a.m.•8 views

PT-2026-1228

Name of the Vulnerable Software and Affected Versions Tenda AC1206 version 15.03.06.23 Description A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...

6.5CVSS7AI score0.08247EPSS

Exploits1References9

RedhatCVE•added 2026/01/01 5:33 p.m.•8 views

CVE-2025-15391

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

6.5CVSS7AI score0.03695EPSS

Exploits1References1

OSV•added 2025/12/31 6:15 p.m.•1 views

CVE-2025-15391

9.8CVSS5.7AI score

Exploits0References5

CVE•added 2025/12/31 5:32 p.m.•9 views

CVE-2025-15391

CVE-2025-15391 affects D-Link DIR-806A 100CNb11. The issue stems from the SSDP Request Handler’s ssdpcgi_main function, which fails to properly filter constructed command characters, enabling remote arbitrary command execution via command injection. Multiple connected sources corroborate a remote...

9.8CVSS6.6AI score0.03695EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2025/12/31 5:6 p.m.•2 views

CVE-2025-15256

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...

9.8CVSS6.9AI score0.03287EPSS

Exploits1References1

RedhatCVE•added 2025/12/31 5:6 p.m.•3 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

9.8CVSS7.2AI score0.04442EPSS

Exploits1References1

OSV•added 2025/12/30 9:15 p.m.•2 views

CVE-2025-15357

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /mspinfo.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

9.8CVSS5.6AI score0.03801EPSS

Exploits1References5

Cvelist•added 2025/12/30 9:2 p.m.•26 views

CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection

6.5CVSS0.03801EPSS

Exploits1References5

EUVD•added 2025/12/30 6:30 p.m.•4 views

EUVD-2025-205833

7.5CVSS6.5AI score0.04442EPSS

Exploits1References5

EUVD•added 2025/12/30 6:30 p.m.•3 views

EUVD-2025-205784

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

6.5CVSS6.6AI score0.0326EPSS

Exploits1References6