VulnCheck KEV: CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

CVE-2026-6114

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated...

CVE-2026-6114

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated...

CVE-2026-6114

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected via the CGI Handler function setNetworkCfg in /cgi-bin/cstecgi.cgi. Manipulating the proto argument yields an OS command injection, with remote feasibility. Public exploit exists (exploit code maturity: PROOF-OF-CONCEPT; CVSSv3.1 base 9...

CVE-2026-6112

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

CVE-2026-6112 Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

PT-2026-32146

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in Totolink A7100RU 7.4cu.2313 b20191024. The setTtyServiceCfg function within the CGI Handler component, located in the file /cgi-bin/cstecgi.cgi, is susceptible...

PT-2026-32189

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The setTracerouteCfg function within the /cgi-bin/cstecgi.cgi component CGI Handler is susceptible to OS...

MLflow Is Vulnerable To Stored Cross-Site Scripting (XSS) Caused By Unsafe Parsing Of YAML-based MLmodel Artifacts In It

MLflow is vulnerable to Stored Cross-Site Scripting XSS caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actio...

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

CVE-2026-6029

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by a vulnerability in the CGI Handler file /cgi-bin/cstecgi.cgi, specifically the setVpnAccountCfg function. Manipulating the User argument leads to an OS command injection. The flaw can be exploited remotely, and public exploits exist ...

CVE-2026-6025

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-6028

CVE-2026-6028 affects Totolink A7100RU (version 7.4cu.2313_b20191024). The vulnerability lies in the CGI Handler function setPptpServerCfg within /cgi-bin/cstecgi.cgi, where manipulating the argument enable enables an OS command injection . The issue can be triggered remotely and the exploit has ...

CVE-2026-6026

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can ...

CVE-2026-6014

CVE-2026-6014 affects D-Link DIR-513 devices (firmware 1.10) in the POST Request Handler’s formAdvanceSetup (/goform/formAdvanceSetup). The issue arises from manipulating the argument webpage, causing a buffer overflow. This can be exploited remotely and the exploit has been published. The adviso...

EUVD-2026-21270

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...

CVE-2026-5993

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed...

PT-2026-31853

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the CGI Handler component of Totolink A7100RU. The setLoginPasswordCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to os command injection...