CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/28 1:22 a.m.•2 views

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

7.5CVSS5.2AI score0.01623EPSS

Exploits1References1

NVD•added 2026/04/28 1:16 a.m.•3 views

CVE-2026-7204

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

10CVSS0.01221EPSS

NVD•added 2026/04/28 1:16 a.m.•1 views

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

10CVSS0.01221EPSS

CVE•added 2026/04/28 1:0 a.m.•13 views

CVE-2026-7211

CVE-2026-7211 affects the dvladimirov MCP project (up to version 0.1.0) with a vulnerability in the Git Search API. The flaw is exposed in the function GitSearchRequest within mcp_server.py, where manipulating the argument repo_url/pattern can trigger a command injection. The issue is exploitable...

7.5CVSS7.2AI score0.0212EPSS

Cvelist•added 2026/04/28 1:0 a.m.•23 views

CVE-2026-7211 dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcpserver.py of the component Git Search API. Executing a manipulation of the argument repourl/pattern can lead to command injection. The attack can be executed remotel...

7.5CVSS0.0212EPSS

ATTACKERKB•added 2026/04/28 1:0 a.m.•3 views

CVE-2026-7211

7.5CVSS7.2AI score0.0212EPSS

EUVD•added 2026/04/28 1:0 a.m.•2 views

EUVD-2026-25964

7.5CVSS7.2AI score0.0212EPSS

ATTACKERKB•added 2026/04/28 12:15 a.m.•0 views

CVE-2026-7204

10CVSS8.3AI score0.01221EPSS

CVE•added 2026/04/28 12:15 a.m.•6 views

CVE-2026-7204

CVE-2026-7204 affects Totolink A8000RU (firmware 7.1cu.643_b20200521). The vulnerability resides in the CGI Handler’s setPptpServerCfg function within /cgi-bin/cstecgi.cgi, where manipulation of the enable argument enables an OS command injection. The issue is remotely exploitable and has had an ...

10CVSS8.3AI score0.01221EPSS

EUVD•added 2026/04/28 12:0 a.m.•0 views

EUVD-2026-25960

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

Cvelist•added 2026/04/28 12:0 a.m.•23 views

CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection

10CVSS0.01221EPSS

ATTACKERKB•added 2026/04/28 12:0 a.m.•1 views

CVE-2026-7203

CVE•added 2026/04/28 12:0 a.m.•8 views

CVE-2026-7203

CVE-2026-7203 affects Totolink A8000RU (firmware 7.1cu.643_b20200521) in the CGI Handler component, specifically the function setUrlFilterRules in /cgi-bin/cstecgi.cgi. The argument enable can be manipulated to achieve OS command injection, enabling a remote attack. Exploit details are publicly a...

CNNVD•added 2026/04/28 12:0 a.m.•3 views

BinSoft mpGabinet 安全漏洞

BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2021, contained security vulnerabilities. These vulnerabilities were due to issues with remote command execution, which could allow authorized users...

4.7CVSS5.9AI score0.00098EPSS

Exploits0References1

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35693

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

10CVSS8.3AI score0.01221EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35692

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

10CVSS8.4AI score0.01221EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35829

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider mcp.py of the component code with ai. The manipulation of the argument working dir/editable files leads to command injection. The attack may ...

7.5CVSS7AI score0.0212EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•1 views

PT-2026-35690

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

10CVSS8.1AI score0.01221EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35691

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...