CVE-2026-2210

A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub4211C8 of the file /goform/setfiltering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2260

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVE-2026-2260 D-Link DCS-931L setSysAdmin os command injection

A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVE-2026-2193

A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function setjhttpdinfo. Performing a manipulation of the argument usbusername results in command injection. Remote exploitation of the attack is possible...

CVE-2026-2184

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVE-2026-2188

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-2194

A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function startproxyclientemail. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection

Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability. ============================================================================================================================================= | Titl...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization that allows access to SSH services. It can execute remote commands, transfer files, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper handling of...

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

CVE-2026-2168

A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

CVE-2026-2155

A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...

CVE-2026-2175

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to...

CVE-2026-2142

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2152

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...

CVE-2026-2227

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This...