PT-2026-36615

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

PT-2026-36619

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has...

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-7593

CVE-2026-7593 affects Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. The vulnerability resides in the MCP Interface’s function execute_command (src/index.ts), enabling an attacker to perform OS command injection . Remote exploitation is possible, with public disclosures already availabl...

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7590

The CVE concerns eyal-gor p_69_branch_monkey_mcp (up to commit 69bc71874ce40050ef45fde5a435855f18af3373) with a vulnerability in the Preview Endpoint. The affected element is an unknown function in branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py; manipulating the dev_script argument...

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7590 eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7548 Totolink NR1800X cstecgi.cgi sub_41A68C command injection

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7548

Totolink NR1800X firmware 9.1.0u.6279_B20210910 is affected. Vulnerable component: /cgi-bin/cstecgi.cgi, function sub_41A68C; manipulating the argument setUssd enables remote command injection. Exploit public. CVSS metrics indicate high impact and network-based access with low complexity. Impact ...

CVE-2026-7548 Totolink NR1800X cstecgi.cgi sub_41A68C command injection

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-7538

Totolink A8000RU 7.1cu.643_b20200521 is affected by a CGI vulnerability in /cgi-bin/cstecgi.cgi where the proto parameter can be manipulated to trigger OS command injection. The issue allows remote exploitation and the exploit is publicly available. Affected component: CGI Handler (function Vulne...

PT-2026-36545

Name of the Vulnerable Software and Affected Versions Sunwood-ai-labs command-executor-mcp-server versions prior to 0.1.1 Description An OS command injection flaw exists in the MCP Interface component within the execute command function of the src/index.ts file. This allows for remote code...

VulnCheck KEV: CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

CVE-2026-7551

The CVE describes a remote code execution vulnerability in HKUDS OpenHarness exposed via the /bridge command. An attacker-enabled /bridge spawn command can forward attacker-controlled text to the bridge session manager and execute commands through the shared shell subprocess helper, allowing shel...