
44951 matches found

Vulnrichment
added 2026/01/30 11:2 a.m. | 5 views

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVSS 7.2 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/30 11:2 a.m. | 4 views

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVSS 7.2 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/30 11:2 a.m. | 30 views

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVSS 7.2 | EPSS 0.00467
Exploits: 0 | References: 1
CVE
added 2026/01/30 11:2 a.m. | 22 views

CVE-2026-22623

Technical details about CVE-2026-22623 are not publicly available in the provided documents. Monitor for updates from vendors and security feeds for affected HikSemi NAS products; no exploit vectors or affected versions are stated here.

CVSS 7.2 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/30 11:1 a.m. | 6 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2 | AI score 6.1 | EPSS 0.00821
Exploits: 1 | References: 2
Cvelist
added 2026/01/30 11:1 a.m. | 27 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2 | EPSS 0.00821
Exploits: 1 | References: 1
EUVD
added 2026/01/30 11:1 a.m. | 6 views

EUVD-2026-5039

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2 | AI score 6.1 | EPSS 0.00821
Exploits: 1 | References: 1
CVE
added 2026/01/30 11:1 a.m. | 45 views

CVE-2026-0709

CVE-2026-0709 affects Hikvision Wireless Access Points. The vulnerability is an authenticated command‑execution flaw caused by insufficient input validation, allowing attackers with valid credentials to send crafted packets that execute arbitrary commands on affected devices. The CVSS metrics ind...

CVSS 7.2 | AI score 6.1 | EPSS 0.00821
Exploits: 1 | References: 1
CVE
added 2026/01/30 3:50 a.m. | 24 views

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability exists in Interinfo DreamMaker’s file upload function, affecting versions before 2025/10/22. The root cause is an insufficient validation of uploaded files, enabling remote attackers to execute arbitrary system commands via a malici...

CVSS 10 | AI score 6.2 | EPSS 0.00336
Exploits: 0 | References: 1
EUVD
added 2026/01/30 3:50 a.m. | 4 views

EUVD-2026-5017

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

CVSS 10 | AI score 6.2 | EPSS 0.00336
Exploits: 0 | References: 1
Cvelist
added 2026/01/30 3:50 a.m. | 28 views

CVE-2026-24729 Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

CVSS 10 | EPSS 0.00336
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/30 12:0 a.m. | 7 views

PT-2026-5433

Name of the Vulnerable Software and Affected Versions: DokuWiki aelsantex runcommand plugin version 2014-04-01. Description: The aelsantex runcommand plugin for DokuWiki allows unauthenticated attackers to execute arbitrary system commands. This is possible through the postaction.php file located in...

CVSS 9.8 | AI score 5.8 | EPSS 0.00582
Exploits: 0 | References: 9
CNVD
added 2026/01/30 12:0 a.m. | 4 views

TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

CVSS 8.8 | AI score 6.2 | EPSS 0.02646
Exploits: 1 | References: 1
EUVD
added 2026/01/30 12:0 a.m. | 6 views

EUVD-2025-206573

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

CVSS 9.8 | AI score 6.2 | EPSS 0.00582
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/30 12:0 a.m. | 7 views

PT-2026-5391

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVSS 7.2 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/30 12:0 a.m. | 5 views

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

AI score 6.2 | EPSS 0.00582
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/30 12:0 a.m. | 12 views

PT-2026-5465

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVSS 8.8 | AI score 6 | EPSS 0.00601
Exploits: 0 | References: 6
CNNVD
added 2026/01/30 12:0 a.m. | 8 views

runcommand security vulnerability

Runcommand is a plugin developed by aelsantex for DokuWiki users. The version released on April 1, 2014, contains a security vulnerability. This vulnerability stems from a flaw in the lib/plugins/runcommand/postaction.php file, which could allow unauthenticated attackers to execute arbitrary syst...

CVSS 9.8 | AI score 6.1 | EPSS 0.00582
Exploits: 0 | References: 4
CNNVD
added 2026/01/30 12:0 a.m. | 7 views

Interinfo DreamMaker security vulnerabilities

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Versions of Interinfo DreamMaker prior to October 22, 2025, contained security vulnerabilities. These vulnerabilities stemmed from the file upload function not restricting dangerous file types, which could lead to...

CVSS 10 | AI score 5.8 | EPSS 0.00336
Exploits: 0 | References: 1
CNNVD
added 2026/01/30 12:0 a.m. | 4 views

Koken CMS code-related vulnerabilities

Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...

CVSS 8.8 | AI score 6 | EPSS 0.00601
Exploits: 0 | References: 5