CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543

CVE-2026-4543 affects Wavlink WL-WN578W2 (model 221110). The vulnerability resides in the POST Request Handler within /cgi-bin/firewall.cgi. The root cause is a manipulation of the arguments dmz_flag and del_flag, enabling command injection. It can be triggered remotely, and exploitation details ...

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4537

CVE-2026-4537 affects Cudy TR1200 firmware version R46-2.4.15-20250721-164017. The vulnerability lies in the Lua-based web UI controller at /usr/bin/lib/lua/luci/controller/ipsec.lua, within the function action_ipsec_conn. Exploitation involves command injection via manipulation of this function,...

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

PT-2026-27019

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

Exploit for OS Command Injection in Arcane

CVE-2026-23520 A proof‑of‑concept exploit demonstrat...

EUVD-2026-14165

Signal K set-system-time plugin vulnerable to RCE - Command Injection...

EUVD-2026-13800

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

EUVD-2026-13770

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

CVE-2026-4499

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-4497

CVE-2026-4497 (Totolink WA300) affects the /cgi-bin/cstecgi.cgi function recvUpgradeNewFw. Manipulation enables os command injection, with remote exploitation and a publicly disclosed exploit. Documents consistently identify the affected device/version (Totolink WA300 5.2cu.7112_B20190227) and th...

CVE-2026-4497

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

EUVD-2026-13716

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later...

CVE-2026-22897

QuNetSwitch is affected by a remote command injection vulnerability (CVE-2026-22897). The issue allows an attacker to execute arbitrary commands with network access, requiring no user interaction and no privileges. The root cause is a command injection reachable over the network, leading to high ...

EUVD-2026-13524

A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...