Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19581 matches found

CVE
CVEadded 2026/03/30 12:0 a.m.7 views

CVE-2026-5102

Totolink A3300R (17.0.0cu.557_b20221024) is affected by CVE-2026-5102 in the Parameter Handler’s setSmartQosCfg function, via the /cgi-bin/cstecgi.cgi file. The qos_up_bw parameter can be manipulated to trigger a remote command injection, allowing an attacker to execute arbitrary commands on the ...

8.8CVSS6.4AI score0.02164EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/30 12:0 a.m.4 views

PT-2026-28756

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A security flaw exists in the Totolink A3300R router. This issue involves a command injection impacting the setSmartQosCfg function within the /cgi-bin/cstecgi.cgi file of the Paramete...

6.5CVSS5.8AI score0.02164EPSS
Exploits1References8
Positive Technologies
Positive Technologiesadded 2026/03/30 12:0 a.m.3 views

PT-2026-28759

A vulnerability was detected in Totolink A3300R 17.0.0cu.557 b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to...

6.5CVSS5.7AI score0.03674EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/03/30 12:0 a.m.1 views

PT-2026-29131

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.03EPSS
Exploits1References7
Positive Technologies
Positive Technologiesadded 2026/03/30 12:0 a.m.2 views

PT-2026-28757

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A flaw exists in the Totolink A3300R device. The setUPnPCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through manipulation of the enable argumen...

6.5CVSS5.9AI score0.03638EPSS
Exploits1References7
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.2 views

CVE-2026-5012

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...

7.5CVSS5.6AI score0.01381EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/29 11:0 p.m.25 views

CVE-2026-5101 Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

6.5CVSS0.02179EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/29 11:0 p.m.5 views

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

6.5CVSS5.7AI score0.02179EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/03/29 11:0 p.m.11 views

CVE-2026-5101

Totolink A3300R 17.0.0cu.557_b20221024 is affected. The vulnerability resides in the Parameter Handler’s /cgi-bin/cstecgi.cgi, specifically the setLanCfg function, where manipulating the lanIp argument leads to command injection. Remote exploitation is possible, and an exploit is publicly availab...

8.8CVSS5.7AI score0.02179EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/03/29 5:16 p.m.4 views

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

8.8CVSS0.01539EPSS
Exploits0References2
NVD
NVDadded 2026/03/29 10:15 a.m.3 views

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS0.01894EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/29 9:45 a.m.35 views

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS0.01894EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/29 9:45 a.m.3 views

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/29 9:45 a.m.2 views

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/29 6:31 a.m.2 views

EUVD-2026-16971

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS5.6AI score0.02281EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/03/29 3:30 a.m.2 views

CVE-2026-5030

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

6.5CVSS6.3AI score0.02281EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/03/29 1:15 a.m.3 views

CVE-2026-5020

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

9.8CVSS0.02234EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/03/29 12:30 a.m.32 views

CVE-2026-5020 Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

6.5CVSS0.02234EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/29 12:30 a.m.1 views

CVE-2026-5020

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

6.5CVSS5.7AI score0.02234EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/29 12:0 a.m.4 views

PT-2026-28755

A vulnerability was identified in Totolink A3300R 17.0.0cu.557 b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

6.5CVSS5.7AI score0.02179EPSS
Exploits1References7
Rows per page
Query Builder