CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

CVE-2026-1547

Totolink A7000R 4.1cu.4154 is affected by CVE-2026-1547 in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. Manipulating the plugin_name argument enables command injection, with remote exploitation and a publicly available exploit. Multiple connected sources confirm the issue and its remot...

CVE-2026-1544 D-Link DIR-823X set_mode sub_41E2A0 os command injection

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1544

A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub41E2A0 of the file /goform/setmode. Performing a manipulation of the argument langateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to...

CVE-2026-1544

CVE-2026-1544 affects D-Link DIR-823X (firmware 250416). The vulnerability is in the function sub_41E2A0 of /goform/set_mode, where manipulation of the lan_gateway argument enables remote command injection. Exploitation has been publicly released, and the issue affects devices no longer supported...

CVE-2026-1506

The CVE-2026-1506 entry affects D-Link DIR-615, specifically the MAC Filter Configuration component’s file /adv_mac_filter.php. The vulnerability is an OS command injection triggered by manipulating the mac argument, enabling remote execution. The issue is documented across multiple sources (NVD,...

CVE-2026-1506 D-Link DIR-615 MAC Filter Configuration adv_mac_filter.php os command injection

A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /advmacfilter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has bee...

CVE-2026-1506

A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /advmacfilter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has bee...

CVE-2026-1505

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVE-2026-1505

CVE-2026-1505 affects D-Link DIR-615 v4.10 in the URL Filter component, due to improper processing of the file “/set_temp_nodes.php” that enables OS command injection. It can be triggered remotely and the exploit has been publicly released; affected devices are those no longer maintained. Multipl...

PT-2026-5053

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the URL Filter component of D-Link DIR-615 version 4.10, specifically in the processing of the /set temp nodes.php file. This allows for os command injection, which can be triggered...

MAL-2026-548 Malicious code in tabletas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2026-23592

CVE-2026-23592 affects HPE Aruba Networking Fabric Composer. Insecure file operations in the backup functionality could allow authenticated attackers to achieve remote code execution and run arbitrary commands on the underlying OS. No remediation details are provided in the supplied documents.

CVE-2026-1419

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

CVE-2026-1414

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

CVE-2026-1448

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...

CVE-2026-1448

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...

PT-2026-6969

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X firmware. This issue affects the sub 420688 function within the /goform/set qos file, potentially allowing for operating system command injection. The attack can b...