Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19522 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/28 9:29 p.m.5 views

Malicious code in timestamp-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48be8ff856b19622d8bc8417db82b8752c41fb88aec5cd89d04bbee1bc729ef During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
Cvelist
Cvelistadded 2026/04/28 8:15 p.m.28 views

CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS0.0212EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 8:15 p.m.6 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

7.5CVSS7AI score0.0212EPSS
Exploits0References5
NVD
NVDadded 2026/04/28 2:16 p.m.3 views

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

4.7CVSS0.0008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/28 1:13 p.m.2 views

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

8.4CVSS5.8AI score0.0008EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/28 1:13 p.m.1 views

EUVD-2026-26046

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

6.9CVSS5.8AI score0.0008EPSS
Exploits0References2
NVD
NVDadded 2026/04/28 9:16 a.m.1 views

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

10CVSS0.01221EPSS
Exploits0References5
NVD
NVDadded 2026/04/28 9:16 a.m.3 views

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS0.01221EPSS
Exploits0References5
NVD
NVDadded 2026/04/28 8:16 a.m.2 views

CVE-2026-7240

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

10CVSS0.01221EPSS
Exploits0References5
NVD
NVDadded 2026/04/28 8:16 a.m.3 views

CVE-2024-54012

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to...

8.5CVSS0.0003EPSS
Exploits0References1
CVE
CVEadded 2026/04/28 8:15 a.m.10 views

CVE-2026-7244

The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). Affects CGI Handler: function setWiFiEasyGuestCfg in /cgi-bin/cstecgi.cgi. The vulnerability arises from improper handling of the merge argument, enabling os command injection. Remote exploitation is possible, and public exploits e...

10CVSS8.3AI score0.01221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/28 8:15 a.m.2 views

CVE-2026-7244

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

10CVSS5.3AI score0.01221EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/04/28 8:15 a.m.1 views

EUVD-2026-26017

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

10CVSS5.2AI score0.01221EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/28 8:0 a.m.3 views

CVE-2026-7243 Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS8.4AI score0.01221EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 8:0 a.m.12 views

CVE-2026-7243

Totolink A8000RU (firmware 7.1cu.643_b20200521) CGI Handler /cgi-bin/cstecgi.cgi: vulnerable function setRadvdCfg. Attackers can remotely inject OS commands by manipulating the maxRtrAdvInterval argument. Publicly available exploit referenced; no mitigation details provided in the documents. Reme...

10CVSS8.4AI score0.01221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/04/28 8:0 a.m.1 views

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS5.3AI score0.01221EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/04/28 8:0 a.m.2 views

EUVD-2026-26016

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS5.3AI score0.01221EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 7:45 a.m.1 views

EUVD-2026-26015

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

10CVSS5.1AI score0.01221EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/28 7:45 a.m.33 views

CVE-2026-7242 Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

10CVSS0.01221EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 7:45 a.m.6 views

CVE-2026-7242

The vulnerability CVE-2026-7242 affects Totolink A8000RU (7.1cu.643_b20200521) in the CGI Handler’s function setOpenVpnClientCfg (file /cgi-bin/cstecgi.cgi). The issue allows remote manipulation of an argument to trigger an OS command injection. Impact is described as high confidentiality, integr...

10CVSS8.2AI score0.01221EPSS
Exploits0References5
Rows per page
Query Builder