CLSA-2026-1779582830 vim: Fix of CVE-2026-46483

CVE-2026-46483: fix command injection in tar plugin Vimuntar when decompressing .tgz archives by passing the special flag to shellescape upstream vim 9.2.0479...

PT-2026-42975

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the Web Management Interface. This occurs when the provider argument is manipulated within the setDdnsCfg function of the '/cgi-bin/cstecgi.cgi'...

PT-2026-42976

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection flaw exists in the Web Management Interface. The issue occurs within the setGameSpeedCfg function of the '/cgi-bin/cstecgi.cgi' endpoint. Remote exploitation is...

PT-2026-42971

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the formUSBStorage function located in the '/goform/formUSBStorage' endpoint. An attacker can...

PT-2026-42945

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

PT-2026-42957

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

PT-2026-42902

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

PT-2026-42919

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.12 Description A command injection flaw exists in the POST Request Handler component. A remote attacker can trigger this issue by manipulating the submit-url argument within the formAccept function of the...

Hermes Agent 操作系统命令注入漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 5157f5427f19488b31c6fdebbacd15d798ce7f63 and earlier versions have a vulnerability related to operating system command injection. This vulnerability stems from improper...

PT-2026-42921

A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...

PT-2026-42955

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

PT-2026-42946

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “pinCode” in the POST Request Handler component...

PT-2026-42978

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the Web Management Interface. This occurs when the firewallType argument is manipulated within the setFirewallType function of the...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains an operating system command injection vulnerability. This vulnerability stems from improper handling of the provider parameter in the setDdnsCfg function of the...

PT-2026-42927

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 5157f5427f19488b31c6fdebbacd15d798ce7f63 Description An OS command injection issue exists in the terminal tool component, specifically within the detect dangerous command function located in the...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the resetFlags parameter in the function...

PT-2026-42917

A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument...

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from the formUSBStorage function in the POST Request Handler component, specifically the...