70915 matches found
📄 pdf-image 2.0.0 Command Injection
In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo...
Tenda HG3 注入漏洞
The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 of the Tenda HG3 has a vulnerability related to command injection. This vulnerability stems from improper handling of the datasize parameter in the...
simple-openstack-mcp 命令注入漏洞
simple-openstack-mcp is an OpenStack command execution tool based on MCP developed by choieastsea. simple-openstack-mcp has a command injection vulnerability, which stems from the execopenstack function in the server.py file. This vulnerability may lead to OS command injections...
TOTOLINK A8000RU 命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setWiFiEasyCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which...
PT-2026-35570
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...
LogonTracer 操作系统命令注入漏洞
LogonTracer is a visual system log analysis tool developed by the Japanese JPCERT organization. This product can detect malicious login attempts by analyzing Windows Active Directory event logs. Versions of LogonTracer prior to 2.0.0 contained a vulnerability related to operating system command...
PT-2026-35529
A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...
PT-2026-35409
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used...
EUVD-2026-25898
A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...
PT-2026-35571
A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...
PT-2026-35520
A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet enabled leads to os command injection. It is possible to launch the...
PT-2026-35419
A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely...
TOTOLINK A8000RU 命令注入漏洞
The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setUPnPCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which processes the...
📄 thumbler 1.1.2 Command Injection
The thumbler package through version 1.1.2 contains a critical command injection vulnerability in the thumbnail function. User-supplied input parameters input, output, time, size are concatenated into a single ffmpeg command string and executed via childprocess.exec without proper sanitization. A...
AutoForge 命令注入漏洞
AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge has a command injection vulnerability, which stems from the /devserver/start endpoint’s command injection. This vulnerability could allow attackers to execute arbitrary code...
D-Link DIR-822 注入漏洞
The D-Link DIR-822 is a wireless router produced by D-Link Corporation. The D-Link DIR-822 A101 version has a vulnerability related to command injection. This vulnerability stems from the handling of the parameter “Hostname” in the system function of the udhcpd DHCP service, located in the...
TOTOLINK A8000RU 命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setDmzCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which processes...
TOTOLINK A8000RU 命令注入漏洞
The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation in China. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWizardCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which...
PT-2026-35525
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...
📄 node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...