CVE-2026-2118

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument IspName can lead to command injection. The attack can be launched remotely. The...

EUVD-2026-5827

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument IspName can lead to command injection. The attack can be launched remotely. The...

CVE-2026-2118

CVE-2026-2118 affects UTT HiPER 810 (version 1.7.4-141218) in the rehttpd component, where the function sub_4407D4 in /goform/formReleaseConnect processes the Isp_Name argument. Manipulating Isp_Name enables remote command injection, with exploit publicly disclosed and no user interaction require...

PT-2026-6943

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X version 250416 related to the processing of input for the file /goform/set ac status. Manipulation of the ac ipaddr, ac ipstatus, and ap randtime arguments can lead to...

PT-2026-7027

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 version 24.04.18D1 Description A flaw exists in the start proxy client email function that can allow for command injection. This issue can be exploited remotely. Recommendations At the moment, there is no information about a...

PT-2026-6939

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the Configuration Parameter Handler component of D-Link DIR-823X version 250416. The issue stems from manipulating the terminal addr, server ip, and server port arguments within the...

PT-2026-6980

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists within the Web Configuration Interface of the D-Link DIR-615, specifically in the adv routing.php file. Manipulation of the dest ip, submask, and gw arguments can lead to os command...

PT-2026-6994

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02 Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command...

PT-2026-6998

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description A flaw exists in the Totolink WA300 device that allows for remote command execution. This is due to a vulnerability within the setAPNetwork function located in the /cgi-bin/cstecgi.cgi...

PT-2026-6961

Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218 Description A flaw exists in UTT HiPER 810 that allows for remote command injection. The issue is located in the sub 43F020 function within the /goform/formPdbUpConfig file. Manipulation of the policyNames...

PT-2026-6979

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the DMZ Host Feature of the D-Link DIR-615. Specifically, the issue resides within the adv firewall.php file. Manipulation of the dmz ipaddr argument can lead to operating system command...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CVE-2026-2061

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub424D20 of the file /goform/setipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2063

A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/setacserver of the component Web Management Interface. The manipulation of the argument acserver results in os command injection. The attack can be launched remotely. The...

CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-25643

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVE-2026-2085

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The...