CVE-2026-31255

Summary: CVE-2026-31255 concerns a command-injection vulnerability in the Tenda AC18 router. The flaw is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows an attacker to execute arbitrary system commands. The affected product/version is Tenda ...

Linux Distros Unpatched Vulnerability : CVE-2026-41411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag,...

Tenda HG3 命令注入漏洞

The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 of the Tenda HG3 has a command injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

PT-2026-35378

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from improper handling of parameters in the setLoginPasswordCfg function within the CGI Handler...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the HTTP parameter in the CsteSystem function within the CGI Handler component’s...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the setWiFiAclRules function in the CGI Handler component’s...

ALSA-2026:11077 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:10711 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RHEL 9 : python3.11 (RHSA-2026:10774)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10774 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

ALSA-2026:11062 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RHEL 9 : python3.12 (RHSA-2026:10745)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10745 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the parameter ttyserver in the setAdvancedInfoShow function within the CGI...

Tenda HG3 注入漏洞

The Tenda HG3 is a fiber-optic network terminal wireless router device designed for home broadband access by the Chinese company Tenda. Version 2.0 of the Tenda HG3 has a vulnerability related to command injection. This vulnerability stems from improper handling of the datasize parameter in the...

Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setUPnPCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which processes the...

CVE-2026-7067

CVE-2026-7067 refers to a command injection in D-Link DIR-822 A_101’s udhcpd DHCP Service (file /udhcpcd/dhcpd.c, function system). The vulnerability stems from manipulating the Hostname argument, enabling remote code execution. Exploitation is possible over the network, with a publicly disclosed...

EUVD-2026-25737

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-7067 D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...