
70887 matches found

Vulnrichment
added 2026/04/27 6:45 a.m. | 4 views

CVE-2026-7096 Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9 | AI score 7.8 | EPSS 0.04075
Exploits: 1 | References: 5

EUVD
added 2026/04/27 6:45 a.m. | 6 views

EUVD-2026-25786

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9 | AI score 5.4 | EPSS 0.04075
Exploits: 1 | References: 5

ATTACKERKB
added 2026/04/27 6:45 a.m. | 5 views

CVE-2026-7096

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9 | AI score 5.4 | EPSS 0.04075
Exploits: 1 | References: 5

Snyk
added 2026/04/27 6:3 a.m. | 6 views

Command Injection

Overview: degit is a Straightforward project scaffolding. Affected versions of this package are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute...

CVSS 8.8 | AI score 5.9 | EPSS 0.01057
Exploits: 0 | References: 2

RedHat Linux
added 2026/04/27 2:7 a.m. | 7 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7 | AI score 5 | EPSS 0.00216
Exploits: 0 | References: 7

NVD
added 2026/04/27 12:16 a.m. | 7 views

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5 | EPSS 0.02476
Exploits: 1 | References: 5

NVD
added 2026/04/27 12:16 a.m. | 9 views

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

CVSS 8.8 | EPSS 0.01213
Exploits: 0 | References: 2

Cvelist
added 2026/04/27 12:3 a.m. | 36 views

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

CVSS 8.8 | EPSS 0.01213
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/27 12:3 a.m. | 5 views

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

CVSS 8.8 | AI score 5.4 | EPSS 0.01213
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/27 12:3 a.m. | 6 views

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

CVSS 8.8 | AI score 5.4 | EPSS 0.01213
Exploits: 0 | References: 2

EUVD
added 2026/04/27 12:3 a.m. | 5 views

EUVD-2026-25741

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

CVSS 8.8 | AI score 8.3 | EPSS 0.01213
Exploits: 0 | References: 2

CVE
added 2026/04/27 12:3 a.m. | 12 views

CVE-2026-33277

CVE-2026-33277 concerns an OS command injection in LogonTracer prior to v2.0.0. A logged-in user can cause arbitrary OS commands to execute due to the vulnerability in how input is processed. Affected software: LogonTracer (before version 2.0.0). The root cause is an input handling flaw that allo...

CVSS 8.8 | AI score 8.3 | EPSS 0.01213
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35411

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVSS 10 | AI score 8.2 | EPSS 0.01766
Exploits: 0 | References: 6

CNNVD
added 2026/04/27 12:0 a.m. | 8 views

TOTOLINK A8000RU Command Injection Vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setWiFiEasyCfg in the CGI Handler component's file /cgi-bin/cstecgi.cgi, which...

CVSS 10 | AI score 7.3 | EPSS 0.01766
Exploits: 0 | References: 1

CNNVD
added 2026/04/27 12:0 a.m. | 9 views

Tenda HG3 Command Injection Vulnerability

The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 of the Tenda HG3 has a command injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

CVSS 9 | AI score 7.3 | EPSS 0.03269
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35275

Name of the Vulnerable Software and Affected Versions: LogonTracer versions prior to 2.0.0. Description: An OS command injection issue allows a logged-in user to execute arbitrary operating system commands. Recommendations: Update to version 2.0.0 or later...

CVSS 8.8 | AI score 8.4 | EPSS 0.01213
Exploits: 0 | References: 15

Packet Storm
added 2026/04/27 12:0 a.m. | 90 views

pdf-image 2.0.0 Command Injection

In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo...

CVSS 9.8 | AI score 5.4 | EPSS 0.02493
Exploits: 4

Positive Technologies
added 2026/04/27 12:0 a.m. | 7 views

PT-2026-35570

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVSS 7.3 | AI score 5.3 | EPSS 0.00863
Exploits: 0 | References: 4

CNNVD
added 2026/04/27 12:0 a.m. | 8 views

LogonTracer OS Command Injection Vulnerability

LogonTracer is a visual system log analysis tool developed by the Japanese JPCERT organization. This product can detect malicious login attempts by analyzing Windows Active Directory event logs. Versions of LogonTracer prior to 2.0.0 contained a vulnerability related to operating system command...

CVSS 8.8 | AI score 7.6 | EPSS 0.01213
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35529

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVSS 10 | AI score 8.3 | EPSS 0.01785
Exploits: 0 | References: 6