EUVD-2026-10290

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

PT-2026-24006

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub 44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...

CVE-2026-3661

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

EUVD-2026-10208

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696

CVE-2026-3696 affects Totolink N300RH (CGI Handler, /cgi-bin/cstecgi.cgi) where the setWiFiWpsConfig function can be manipulated to trigger OS command injection. Public exploit details indicate remote exploitaton with high impact across confidentiality, integrity, and availability. Affected versi...

EUVD-2026-10195

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to t...

PT-2026-23911

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub 405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit h...

PT-2026-23896

Name of the Vulnerable Software and Affected Versions Totolink N300RH versions 6.1.1353 B20190305 Description A flaw exists in the CGI Handler component of Totolink N300RH, specifically within the setWiFiWpsConfig function of the /cgi-bin/cstecgi.cgi file. This allows for operating system command...

CVE-2026-3680

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to t...

CVE-2026-3680

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to t...

CVE-2026-3680

RyuzakiShinji biome-mcp-server (up to 1.0.0) contains a vulnerability in biome-mcp-server.ts that allows remote command injection via a manipulated input. The issue affects the server’s unknown functionality and can be triggered remotely; a public exploit exists. A patch is available (hash: 335e1...

CVE-2026-3680 RyuzakiShinji biome-mcp-server biome-mcp-server.ts command injection

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to t...

CVE-2026-3680 RyuzakiShinji biome-mcp-server biome-mcp-server.ts command injection

A security flaw has been discovered in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection. The attack can be initiated remotely. The exploit has been released to t...