Lucene search
K

3873 matches found

CVE
CVE
added 2026/04/26 11:45 a.m.10 views

CVE-2026-7037

Totolink A8000RU 7.1cu.643_b20200521 is affected by a vulnerability in the CGI Handler at /cgi-bin/cstecgi.cgi, function setVpnPassCfg. Manipulation of the pptpPassThru argument enables OS command injection, with remote execution possible. The exploit is publicly released and can be used for atta...

10CVSS8.2AI score0.01785EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.11 views

PT-2026-35220

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection flaw exists in the CGI Handler component. Remote, unauthenticated attackers can execute arbitrary operating system commands by manipulating the pptpPassThru...

10CVSS7.5AI score0.01785EPSS
Exploits0References13
NVD
NVD
added 2026/04/25 6:16 p.m.10 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS0.06058EPSS
Exploits1References5
NVD
NVD
added 2026/04/25 6:16 p.m.6 views

CVE-2026-6989

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

8.8CVSS0.02895EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/25 6:0 p.m.5 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS6.9AI score0.06058EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/25 6:0 p.m.37 views

CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS0.06058EPSS
Exploits1References5
CVE
CVE
added 2026/04/25 5:15 p.m.15 views

CVE-2026-6989

CVE-2026-6989 affects Tenda F453 firmware up to version 1.0.0.3. The vulnerable component is the Telnet Service, specifically the TendaTelnet function in /goform/telnet. Successful exploitation enables command injection via a remote network attack without user interaction, with attackers possibly...

8.8CVSS6.2AI score0.02895EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/25 4:45 p.m.5 views

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS5.2AI score0.03132EPSS
Exploits1References4
NVD
NVD
added 2026/04/25 2:16 p.m.13 views

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.01694EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/25 1:0 p.m.36 views

CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.01694EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/25 1:0 p.m.7 views

EUVD-2026-25656

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS7.1AI score0.01694EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-35165

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS6.9AI score0.06058EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 a.m.4 views

CVE-2026-22761

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

7.2CVSS6.1AI score0.01159EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.5 views

EUVD-2026-24503

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS5.5AI score0.01181EPSS
Exploits0References5
NVD
NVD
added 2026/04/21 10:16 p.m.4 views

CVE-2026-6799

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS0.01181EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:0 p.m.2 views

CVE-2026-6799

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS5.5AI score0.01181EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/21 9:0 p.m.11 views

CVE-2026-6799

CVE-2026-6799 affects Comfast CF-N1-S (firmware 2.6.0.1). The issue is a command injection in the Endpoint component via /cgi-bin/mbox-config?method=SET&section=ping_config, caused by manipulating the destination argument. The vulnerability is exploitable remotely; exploit exists as per descripti...

6.5CVSS6.3AI score0.01181EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/21 9:0 p.m.32 views

CVE-2026-6799 Comfast CF-N1-S Endpoint mbox-config command injection

A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...

6.5CVSS0.01181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-6576

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

6.5CVSS6.3AI score0.01456EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23879

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

7.2CVSS5.9AI score0.0147EPSS
Exploits0References2
Rows per page
Query Builder