70996 matches found
EUVD-2026-29019
A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...
CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection
A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...
CVE-2026-8259 Tenda AC6 httpd telnet os command injection
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-8259
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-8259 Tenda AC6 httpd telnet os command injection
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-36734
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...
PT-2026-39872
Name of the Vulnerable Software and Affected Versions WebdriverIO versions prior to 9.24.0 Description A command injection issue exists in @wdio/browserstack-service that allows remote code execution. The problem occurs during test orchestration when processing git branch names. An attacker can...
CVE-2026-36983
D-Link DCS-932L v2.18.01 is affected by a Command Injection in the helper function sub_42EF14 of /bin/alphapd. Passing/manipulating the LightSensorControl argument can lead to command execution. CVSSv3.1 base score 7.3 (HIGH); attack vector NETWORK, attack complexity LOW, privileges NONE, user in...
D-Link DIR-816 注入漏洞
The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The version 1.10CNB05R1B011D88210 of the D-Link DIR-816 has a vulnerability related to command injection. This vulnerability stems from the operation of the sub445E7C function in the /goform/singlePortForward file, which...
PT-2026-39571
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...
D-Link DNS-320 命令注入漏洞
The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...
CVE-2026-36983
D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...
CVE-2026-31246
GPT-Pilot (through commit 0819827ce20346ef5f25b3fe29293cb448840565) contains a command injection vulnerability (CWE-78) in the Executor.run() path. User prompts to confirm/modify a command are accepted as free-text and directly passed to asyncio.create_subprocess_shell(), enabling an attacker to ...
D-Link DNS-320 命令注入漏洞
The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability stems from functions in the file /cgi-bin/networkmgr.cgi, namely...
PT-2026-39616
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
PT-2026-39868
Name of the Vulnerable Software and Affected Versions D-Link DIR-816 version 1.10CNB05 R1B011D88210 Description A command injection issue exists that allows a remote attacker to execute arbitrary commands. The flaw is located in the sub 445E7C function within the '/goform/singlePortForward'...
PT-2026-39870
A vulnerability was detected in D-Link DIR-816 1.10CNB05 R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...
D-Link DNS-320 操作系统命令注入漏洞
The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a vulnerability related to operating system command injection. This vulnerability arises from functions such as cgisethost, cgisetntp, cgifancontrol, and cgimergeuser...
CVE-2026-30635
CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...
CVE-2026-36734
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...