CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

SUSE CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CLSA-2026-1777943581 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...

CLSA-2026-1777942049 Fix CVE(s): CVE-2026-39881

SECURITY UPDATE: fix command injection in netbeans interface via defineAnnoType validate typeName/fg/bg/specialKeys - debian/patches/CVE-2026-39881.patch: fix command injection in netbeans interface via defineAnnoType validate typeName/fg/bg/specialKeys - CVE-2026-39881...

EUVD-2026-27159

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

CVE-2026-7785

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

Wireshark MCP Server 命令注入漏洞

Wireshark MCP Server is a network packet capture and analysis tool developed by AG Personal Developers. Wireshark MCP Server has a command injection vulnerability, which stems from a issue with the quickcapture function in the pysharkmcp.py file. This vulnerability may lead to command injection v...

PT-2026-37084

Name of the Vulnerable Software and Affected Versions Crestron devices affected versions not specified Description A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is...

CVE-2026-36356

The CVE-2026-36356 issue affects MeiG Smart FORGE_SLT711 devices running firmware MDM9607.LE.1.0-00110-STD.PROD-1, where the GoAhead web server exposes an unauthenticated /action/SetRemoteAccessCfg endpoint that injects user input into a shell command via sprintf()/system(), enabling arbitrary co...

📄 OpenWrt 23.05 Remote Code Execution

OpenWrt version 23.05 suffers from an authenticated remote code execution vulnerability. Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link:...

PT-2026-37044

Name of the Vulnerable Software and Affected Versions MeiG Smart FORGE SLT711 version MDM9607.LE.1.0-00110-STD.PROD-1 Description The GoAhead web server allows unauthenticated OS command injection, a flaw where an attacker can execute arbitrary operating system commands on the device. This issue...

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

PT-2026-37039

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub 408F90 of the file /cgi/iux set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...

MeiG FORGE_SLT711 操作系统命令注入漏洞

MeiG FORGESLT711 is an industrial-grade wireless communication module developed by MeiG Corporation. MeiG FORGESLT711 has a vulnerability related to operating system command injection. This vulnerability stems from issues with the /action/SetRemoteAccessCfg endpoint in the GoAhead Web server, whi...

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

Code-MCP 注入漏洞

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Code-MCP has a vulnerability that stems from the operation of the MCP Tool component in the gitoperation function located in the src/codemcp/server.py file. This vulnerability may lead to command injection...

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

📄 Atlona AT-OME-RX21 Authenticated Command Injection

Atlona AT-OME-RX21 suffers from an authenticated command injection vulnerability. // Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link:...