CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 5 days ago•9 views

PT-2026-47168

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS6.2AI score0.01077EPSS

Positive Technologies•added 5 days ago•14 views

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.00924EPSS

Exploits0References7

Positive Technologies•added 5 days ago•11 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01306EPSS

Positive Technologies•added 5 days ago•13 views

PT-2026-47174

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.0125EPSS

RedhatCVE•added 6 days ago•8 views

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

8.8CVSS5.4AI score0.00116EPSS

RedhatCVE•added 6 days ago•11 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS5.3AI score0.00717EPSS

Exploits0References1

RedhatCVE•added 6 days ago•8 views

CVE-2026-46394

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS6.7AI score0.00954EPSS

RedhatCVE•added 6 days ago•8 views

CVE-2026-45748

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

9.8CVSS5.5AI score0.00967EPSS

RedhatCVE•added 6 days ago•6 views

CVE-2026-45744

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS6AI score0.00326EPSS

GithubExploit•added 6 days ago•52 views

zoneminder-rce-poc

just wait and see Proof of concept for an OS command injectio...

6.8AI score

Exploits0

RedhatCVE•added 6 days ago•9 views

CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4CVSS5.5AI score0.00156EPSS

Exploits0References1

NVD•added 6 days ago•8 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.00937EPSS

EUVD•added 6 days ago•9 views

EUVD-2026-34965

Vulnrichment•added 6 days ago•4 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

Cvelist•added 6 days ago•38 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

6.5CVSS0.00937EPSS

CVE•added 6 days ago•17 views

CVE-2026-11408

Summary of CVE-2026-11408 : A vulnerability exists in vertex-app up to 2026.02.12 affecting the Log Viewer Endpoint, specifically the file app/model/LogMod.js. The issue arises from processing of the query parameter req.query, enabling an os command injection. This can be exploited remotely; expl...

ATTACKERKB•added 6 days ago•5 views

CVE-2026-11408

Exploits0References8Affected Software1

NVD•added 6 days ago•8 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS0.00924EPSS