70925 matches found
PT-2026-35220
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection flaw exists in the CGI Handler component. Remote, unauthenticated attackers can execute arbitrary operating system commands by manipulating the pptpPassThru...
PT-2026-35273
Name of the Vulnerable Software and Affected Versions choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036 Description An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec...
MiroFish 注入漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish 0.1.2 and earlier have a vulnerability related to command injection, which stems from the SimulationIPCClient.sendcommand function in the...
PT-2026-35222
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...
Context Sync 命令注入漏洞
Context Sync is a local-first project memory tool developed by Mamba Personal Developer, based on MCP. Versions of Context Sync 2.0.0 and earlier had a command injection vulnerability, which originated from the os command injection present in the src/git-integration.ts file within the Git...
TOTOLINK A8000RU 命令注入漏洞
The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the pptpPassThru parameter in the setVpnPassCfg function of the...
Command Injection
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the uploadpack or receivepack kwargs in the Repo.clonefrom, Remote.fetch, Remote.pull, or Remote.push functions. An attacker can execute arbitrar...
GHSA-6R3X-H84W-FHXX PicoClaw has an Injection issue in its Web Launcher Management Plane component
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
PicoClaw has an Injection issue in its Web Launcher Management Plane component
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...
CVE-2026-6992
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6989
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6992
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
EUVD-2026-25668
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6992
CVE-2026-6992 affects Linksys MR9600 (firmware 2.0.6.206937). The vulnerability lies in BTRequestGetSmartConnectStatus within /etc/init.d/run_central2.sh (JNAP Action Handler), where manipulating the argument pin enables OS command injection. The attack can be initiated remotely and public exploi...
CVE-2026-6989
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
EUVD-2026-25665
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2026-6989 Tenda F453 Telnet Service telnet TendaTelnet command injection
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2026-6989 Tenda F453 Telnet Service telnet TendaTelnet command injection
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...