70817 matches found
PT-2026-42893
Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn versions prior to 1.31 Description An OS command injection flaw exists in the webs component. The issue occurs within the formWpsStart function located in the '/goform/formWpsStart' endpoint when processing the pinCode...
PT-2026-42875
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...
Edimax BR-6428nS 命令注入漏洞
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS has a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the system function of the goform/formWlanM file during POST request...
Edimax EW-7438RPn 操作系统命令注入漏洞
The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...
PT-2026-42874
A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-31512
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-31513
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
EUVD-2026-31508
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
[SECURITY] [DLA 4597-1] atril security update
Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.24.0-1+deb11u2 CVE ID : CVE-2026-46529 It was discovered that atril, a simple multi-page document viewer, is pron...
[SECURITY] [DLA 4596-1] evince security update
Debian LTS Advisory DLA-4596-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : evince Version : 3.38.2-1+deb11u1 CVE ID : CVE-2026-46529 It was discovered that evince, a simple multi-page document viewer, is...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...
Arbitrary Command Injection
Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...
Arbitrary Command Injection
Overview shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not properly validated...
UBUNTU-CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...