PT-2026-39867

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 version 1.10CNB05 R1B011D88210 Description A command injection flaw exists in the /goform/formDMZ.cgi endpoint. The issue is located within the sub 445E7C function, allowing a remote attacker to execute arbitrary commands...

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.49multiTDE01 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function fromSetWirelessRepeat in the goform/WifiExtraSet module of the httpd component, which processes...

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

D-Link DNS-320 操作系统命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a vulnerability related to operating system command injection. This vulnerability arises from functions such as cgisethost, cgisetntp, cgifancontrol, and cgimergeuser...

CVE-2026-36734

EDIMAX BR-6428nS V3 1.15 is reported vulnerable to Command Injection via the WLAN configuration input, exploitable by an authenticated attacker over the network due to insufficient input validation. The vulnerability enables execution of arbitrary system commands on the device with high impact on...

CVE-2026-36734

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

PT-2026-39552

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

PT-2026-39708

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view task aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE BASE URL...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

PT-2026-39626

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An OS command injection issue exists in the Import/Export query export feature. User-supplied input is interpolated directly into a psql copy metacommand template without proper sanitization. An...

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

genie 安全漏洞

Genie is a CLI tool developed by Automagik that automatically converts sentence-based requests into complete pull requests. Version 2.5.27 of Genie has a security vulnerability. This vulnerability stems from command injection in the viewtask parameter of the readTranscriptFromCommit function, whi...

CVE-2026-36734

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function formWifiApScan in the httpd component’s file/goform/WifiApScan, which processes parameters...

PT-2026-39570

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi speed/cgi dhcpd lease/cgi ddns/cgi set ip/cgi upnp del/cgi dhcpd/cgi upnp add/cgi upnp edit of the file /cgi-bin/network mgr.cgi. The manipulation leads to os command injection. The attack is possib...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

PT-2026-39746

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is affected by a Command Injection in the helper function sub_42EF14 of /bin/alphapd. Passing/manipulating the LightSensorControl argument can lead to command execution. CVSSv3.1 base score 7.3 (HIGH); attack vector NETWORK, attack complexity LOW, privileges NONE, user in...

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...