CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

EUVD-2025-209597

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVE-2025-71284

Synway SMG Gateway Management Software is affected by an OS command injection in the RADIUS configuration endpoint /en/9-2radius.php. The radius_address POST parameter (and related fields) is split and interpolated directly into a sed command without sanitization, enabling an unauthenticated remo...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the filename parameter passed to editfiles function via click.edit. This function invokes a subprocess with shell=True that can be injected into by including double-quoted strings in a malicious filename. An attack...

DEBIAN-CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

EUVD-2026-26375

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7246

CVE-2026-7246 affects Pallets Click up to version 8.3.2. The vulnerability is a command injection in the click.edit() function that allows an unprivileged attacker to pass arbitrary OS commands. This is a local attack with high impact on confidentiality, integrity, and availability as per the cit...

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-7469

CVE-2026-7469 affects Tenda 4G300 devices (US_4G300V1.0Mt_V1.01.42_CN_TDC01). The vulnerability resides in function sub_425A28 within the file /goform/DelFil, where manipulating the argument delflag leads to a command injection. The attack can be carried out remotely, and the exploit is public. I...

EUVD-2026-26306

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...