70854 matches found

ATTACKERKB
added 2026/05/01 1:30 a.m., 3 views

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVSS 10, AI score 5.3, EPSS 0.01823
Exploits 0, References 5, Affected Software 1

CVE
added 2026/05/01 12:0 a.m., 12 views

CVE-2026-26461

This CVE concerns a Command Injection in the web management interface of Aver PTC320UV2 0.1.0000.65. An unauthenticated attacker can execute arbitrary commands via a crafted web request, indicating impact on confidentiality, integrity (partial), and limited availability per the CVSS vector. The v...

CVSS 6.5, AI score 6.1, EPSS 0.00816
Exploits 0, References 2

ATTACKERKB
added 2026/05/01 12:0 a.m., 3 views

CVE-2026-26461

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

CVSS 6.5, AI score 6.1, EPSS 0.00816
Exploits 0, References 3

Positive Technologies
added 2026/05/01 12:0 a.m., 6 views

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

CVSS 10, AI score 7.6, EPSS 0.01823
Exploits 0, References 17

EUVD
added 2026/05/01 12:0 a.m., 7 views

EUVD-2026-26701

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

CVSS 6.5, AI score 6.1, EPSS 0.00816
Exploits 0, References 2

CNNVD
added 2026/05/01 12:0 a.m., 6 views

TOTOLINK NR1800X Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a vulnerability that stems from the operation of the...

CVSS 9, AI score 7.3, EPSS 0.01485
Exploits 0, References 1

CNNVD
added 2026/05/01 12:0 a.m., 9 views

Kompany MCP Server Command Injection Vulnerability

Kompany MCP Server is a collaboration tool for Eyal Individual Developers that connects an AI assistant to a task management platform. Kompany MCP Server suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter devscript in the file...

CVSS 7.5, AI score 7, EPSS 0.01366
Exploits 0, References 1

Cvelist
added 2026/05/01 12:0 a.m., 30 views

CVE-2026-26461

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

EPSS 0.00816
Exploits 0, References 2

CNNVD
added 2026/05/01 12:0 a.m., 7 views

command-executor MCP Server Command Injection Vulnerability

command-executor MCP Server is a secure execution tool for pre-approved commands from Maki Individual Developers. A command injection vulnerability exists in command-executor MCP Server version 0.1.0 and earlier, which stems from improper manipulation of the executecommand function in the...

CVSS 7.5, AI score 7.2, EPSS 0.01362
Exploits 0, References 1

Vulnrichment
added 2026/05/01 12:0 a.m., 4 views

CVE-2026-26461

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

AI score 6.1, EPSS 0.00816
Exploits 0, References 2

VulnCheck KEV
added 2026/05/01 12:0 a.m., 18 views

VulnCheck KEV: CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVSS 9.8, AI score 7.6, EPSS 0.26163
In wild, Exploits 3, References 2

CNNVD
added 2026/05/01 12:0 a.m., 10 views

TOTOLINK A8000RU Command Injection Vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from an unknown function in the CGI Handler component file /cgi-bin/cstecgi.cgi, which manipulates th...

CVSS 10, AI score 7.3, EPSS 0.01823
Exploits 0, References 1

CNNVD
added 2026/05/01 12:0 a.m., 7 views

Aver PTC320UV2 Command Injection Vulnerability

The Aver PTC320UV2 is an auto-tracking camera device from Aver Corporation. A command injection vulnerability exists in the Aver PTC320UV2 version 0.1.0000.65, which stems from a command injection vulnerability in the Web management interface that could allow an unauthenticated attacker to execut...

CVSS 6.5, AI score 6.1, EPSS 0.00816
Exploits 0, References 1

Positive Technologies
added 2026/05/01 12:0 a.m., 5 views

PT-2026-36545

Name of the Vulnerable Software and Affected Versions Sunwood-ai-labs command-executor-mcp-server versions prior to 0.1.1 Description An OS command injection flaw exists in the MCP Interface component within the execute command function of the src/index.ts file. This allows for remote code...

CVSS 7.5, AI score 7.8, EPSS 0.01362
Exploits 0, References 9

Positive Technologies
added 2026/05/01 12:0 a.m., 7 views

PT-2026-36529

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

CVSS 6.5, AI score 6.1, EPSS 0.00816
Exploits 0, References 3

Tenable Nessus
added 2026/05/01 12:0 a.m., 12 views

Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities

The version of Atlassian Bamboo installed on the remote host is 9.6.x prior to 9.6.25, 10.x prior to 10.2.18, or 11.x prior to 12.1.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability allows an authenticated attacker to execute commands on the remote...

CVSS 9.4, AI score 7.2, EPSS 0.0127
Exploits 2, References 8

Snyk
added 2026/04/30 8:23 p.m., 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the username field in the FSx Windows File Server volume mounting process. An attacker can execute arbitrary shell commands with SYSTEM privileges on the underlying host by supplying specially crafted input. This i...

CVSS 7.5, AI score 6, EPSS 0.00547
Exploits 0, References 2

Vulnrichment
added 2026/04/30 6:35 p.m., 6 views

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVSS 7.5, AI score 5.7, EPSS 0.00547
Exploits 0, References 3

Cvelist
added 2026/04/30 6:35 p.m., 34 views

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

CVSS 7.5, EPSS 0.00547
Exploits 0, References 3

CVE
added 2026/04/30 6:35 p.m., 20 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

CVSS 7.5, AI score 5.7, EPSS 0.00547
Exploits 0, References 3, Affected Software 1