Lucene search
K

70996 matches found

EUVD
EUVD
added 2026/05/11 2:0 a.m.28 views

EUVD-2026-29019

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

5.8CVSS5.6AI score0.04554EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/11 2:0 a.m.8 views

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

5.8CVSS5.6AI score0.04554EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/11 1:0 a.m.44 views

CVE-2026-8259 Tenda AC6 httpd telnet os command injection

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS0.04447EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:0 a.m.9 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 1:0 a.m.13 views

CVE-2026-8259 Tenda AC6 httpd telnet os command injection

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.11 views

CVE-2026-36734

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

6.1AI score0.01018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39872

Name of the Vulnerable Software and Affected Versions WebdriverIO versions prior to 9.24.0 Description A command injection issue exists in @wdio/browserstack-service that allows remote code execution. The problem occurs during test orchestration when processing git branch names. An attacker can...

9.8CVSS6.3AI score0.02799EPSS
Exploits1References8
CVE
CVE
added 2026/05/11 12:0 a.m.20 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is affected by a Command Injection in the helper function sub_42EF14 of /bin/alphapd. Passing/manipulating the LightSensorControl argument can lead to command execution. CVSSv3.1 base score 7.3 (HIGH); attack vector NETWORK, attack complexity LOW, privileges NONE, user in...

7.3CVSS5.7AI score0.01235EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

D-Link DIR-816 注入漏洞

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The version 1.10CNB05R1B011D88210 of the D-Link DIR-816 has a vulnerability related to command injection. This vulnerability stems from the operation of the sub445E7C function in the /goform/singlePortForward file, which...

8.8CVSS6.6AI score0.03156EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39571

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

5.8CVSS5.6AI score0.05587EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.22 views

D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...

7.2CVSS5.8AI score0.05587EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.8 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

5.7AI score0.01235EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 12:0 a.m.52 views

CVE-2026-31246

GPT-Pilot (through commit 0819827ce20346ef5f25b3fe29293cb448840565) contains a command injection vulnerability (CWE-78) in the Executor.run() path. User prompts to confirm/modify a command are accepted as free-text and directly passed to asyncio.create_subprocess_shell(), enabling an attacker to ...

6.5CVSS6.5AI score0.00704EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.7 views

D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability stems from functions in the file /cgi-bin/networkmgr.cgi, namely...

7.2CVSS5.8AI score0.04637EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39616

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

6.5AI score0.00704EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39868

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 version 1.10CNB05 R1B011D88210 Description A command injection issue exists that allows a remote attacker to execute arbitrary commands. The flaw is located in the sub 445E7C function within the '/goform/singlePortForward'...

8.8CVSS6.8AI score0.03156EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39870

A vulnerability was detected in D-Link DIR-816 1.10CNB05 R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.03095EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

D-Link DNS-320 操作系统命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a vulnerability related to operating system command injection. This vulnerability arises from functions such as cgisethost, cgisetntp, cgifancontrol, and cgimergeuser...

7.2CVSS5.8AI score0.04544EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 12:0 a.m.18 views

CVE-2026-30635

CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...

8.1CVSS6.1AI score0.01008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.10 views

CVE-2026-36734

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

6.1AI score0.01018EPSS
Exploits0References2
Rows per page
Query Builder