
70884 matches found

Vulnrichment
added 2026/04/27 11:45 p.m. | 4 views

CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits 0 | References 5

Cvelist
added 2026/04/27 11:45 p.m. | 31 views

CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS 10 | EPSS 0.02448
Exploits 0 | References 5

CVE
added 2026/04/27 11:45 p.m. | 13 views

CVE-2026-7202

The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). It affects the CGI Handler’s file /cgi-bin/cstecgi.cgi, in the function setWiFiWpsStart, where manipulating the argument wscDisabled enables OS command injection. Impact is high on confidentiality, integrity, and availability (per ...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits 0 | References 5

EUVD
added 2026/04/27 11:45 p.m. | 7 views

EUVD-2026-25959

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVSS 10 | AI score 8.1 | EPSS 0.02448
Exploits 0 | References 5

CVE
added 2026/04/27 11:42 p.m. | 9 views

CVE-2026-32649

CVE-2026-32649 describes a command injection vulnerability in the web server of specific firmware versions on Milesight cameras. The affected surface is the camera web server, with the root cause stated as a command injection flaw. Impact metrics indicate high impact to confidentiality, integrity...

CVSS 7.3 | AI score 5.3 | EPSS 0.00863
Exploits 0 | References 3

Cvelist
added 2026/04/27 11:42 p.m. | 29 views

CVE-2026-32649 Milesight Cameras OS Command Injection

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVSS 7.3 | EPSS 0.00863
Exploits 0 | References 3

Vulnrichment
added 2026/04/27 11:42 p.m. | 10 views

CVE-2026-32649 Milesight Cameras OS Command Injection

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVSS 7.3 | AI score 5.2 | EPSS 0.00863
Exploits 0 | References 3

EUVD
added 2026/04/27 11:42 p.m. | 5 views

EUVD-2026-25958

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVSS 7.3 | AI score 5.2 | EPSS 0.00863
Exploits 0 | References 3

ATTACKERKB
added 2026/04/27 11:42 p.m. | 3 views

CVE-2026-32649

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVSS 7.3 | AI score 5.2 | EPSS 0.00863
Exploits 0 | References 4

NVD
added 2026/04/27 10:16 p.m. | 8 views

CVE-2026-7160

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

CVSS 9 | EPSS 0.03269
Exploits 1 | References 5

RedHat Linux
added 2026/04/27 9:31 p.m. | 8 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7 | AI score 5 | EPSS 0.00216
Exploits 0 | References 7

Cvelist
added 2026/04/27 9:30 p.m. | 26 views

CVE-2026-7160 Tenda HG3 formTracert command injection

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

CVSS 9 | EPSS 0.03269
Exploits 1 | References 5

EUVD
added 2026/04/27 9:30 p.m. | 14 views

EUVD-2026-25927

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

CVSS 9 | AI score 7.8 | EPSS 0.03269
Exploits 1 | References 5

Vulnrichment
added 2026/04/27 9:30 p.m. | 3 views

CVE-2026-7160 Tenda HG3 formTracert command injection

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

CVSS 9 | AI score 7.7 | EPSS 0.03269
Exploits 1 | References 5

CVE
added 2026/04/27 9:30 p.m. | 16 views

CVE-2026-7160

The vulnerability CVE-2026-7160 affects the Tenda HG3 2.0 device. It resides in the function formTracert of the file /boaform/formTracert, where manipulating the datasize argument can lead to a command injection. The attack can be performed remotely, and the exploit has been publicly disclosed. T...

CVSS 9 | AI score 7.8 | EPSS 0.03269
Exploits 1 | References 5 | Affected Software 1

NVD
added 2026/04/27 9:16 p.m. | 3 views

CVE-2026-7156

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVSS 10 | EPSS 0.01785
Exploits 0 | References 5

NVD
added 2026/04/27 9:16 p.m. | 6 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

CVSS 7.5 | EPSS 0.01338
Exploits 0 | References 5

NVD
added 2026/04/27 9:16 p.m. | 3 views

CVE-2026-7154

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument ttyserver can lead to os command injection. The attack can be launched...

CVSS 10 | EPSS 0.01785
Exploits 0 | References 5

NVD
added 2026/04/27 9:16 p.m. | 2 views

CVE-2026-7155

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...

CVSS 10 | EPSS 0.01766
Exploits 0 | References 5

RedHat Linux
added 2026/04/27 8:58 p.m. | 9 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7 | AI score 5 | EPSS 0.00216
Exploits 0 | References 7