Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

143058 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/26 1:56 p.m.21 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.00389EPSS
Exploits4References6
AlpineLinux
AlpineLinuxadded 2026/05/26 1:56 p.m.12 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.00389EPSS
Exploits4
CVE
CVEadded 2026/05/26 1:56 p.m.132 views

CVE-2026-4480

CVE-2026-4480 : A flaw in the Samba printing subsystem causes the client-controlled job description string passed to the print command via %J to be executed without escaping shell meta characters, enabling remote code execution. Root cause: unescaped shell metacharacters in print job descriptions...

9.8CVSS6.4AI score0.00389EPSS
Exploits4References5Affected Software3
Cvelist
Cvelistadded 2026/05/26 1:56 p.m.39 views

CVE-2026-4480 Samba: samba: remote code execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9CVSS0.00389EPSS
Exploits4References5
Debian CVE
Debian CVEadded 2026/05/26 1:56 p.m.7 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.00389EPSS
Exploits4
RedhatCVE
RedhatCVEadded 2026/05/26 1:51 p.m.4 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.00389EPSS
Exploits4References4
Vulnrichment
Vulnrichmentadded 2026/05/26 1:45 p.m.7 views

CVE-2026-9551 Das Parking Management System 停车场管理系统 API Endpoint ExportParkingRecords xp_cmdshell sql injection

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

7.5CVSS6.9AI score0.00012EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/26 1:45 p.m.5 views

CVE-2026-9551

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

7.5CVSS6.9AI score0.00012EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploitadded 2026/05/26 1:25 p.m.51 views

Exploit for OS Command Injection in Olivetin

cve-2025-50946 Exploit script for CVE-2025-50946...

6.5CVSS5.8AI score0.01985EPSS
Exploits2
EUVD
EUVDadded 2026/05/26 12:30 p.m.8 views

EUVD-2026-31816

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10CVSS7AI score0.00287EPSS
Exploits0References5
CVE
CVEadded 2026/05/26 12:30 p.m.10 views

CVE-2026-9543

CVE-2026-9543 - Totolink N300RH is affected through the Web Management Interface file /cgi-bin/cstecgi.cgi, function setPasswordCfg. Manipulating the argument admpass enables an OS command injection, allowing remote execution. Public exploit details exist, with HIGH impact on confidentiality, int...

10CVSS7AI score0.00287EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/26 12:30 p.m.10 views

CVE-2026-9543

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10CVSS7AI score0.00287EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/26 12:30 p.m.36 views

CVE-2026-9543 Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10CVSS0.00287EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/26 12:30 p.m.7 views

CVE-2026-9543 Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10CVSS7AI score0.00287EPSS
Exploits0References5
OSV
OSVadded 2026/05/26 9:3 a.m.6 views

MAL-2026-4789 Malicious code in ggk-happy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da23474ba170aa6d3b5bea2c2e8ebbc59be022caec4b612528dd644891e31379 ggk-happy is a fork of the slopus/happy CLI that preserves the upstream README, homepage happy.engineering and repository URL github.com/slopus/happy...

6AI score
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/26 9:0 a.m.10 views

CVE-2026-42586

A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...

7.1CVSS6.7AI score0.00008EPSS
Exploits1References4
OSV
OSVadded 2026/05/26 7:17 a.m.4 views

MAL-2026-4783 Malicious code in @iola_adm/iola-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e28a7ca88c4000d6efee1c0e324c8f28bebf03ef988e2ac3aa437857f34ee08 src/cli.js contains a hardcoded endpoint https://apiiola.yasg.ru referenced multiple times lines 1, 2, 198 and invoked via fetch at line 256, in code...

5.9AI score
Exploits0References1
NVD
NVDadded 2026/05/26 7:16 a.m.6 views

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5CVSS0.04841EPSS
Exploits0References5
NVD
NVDadded 2026/05/26 7:16 a.m.7 views

CVE-2026-9532

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5CVSS0.04841EPSS
Exploits0References5
NVD
NVDadded 2026/05/26 7:16 a.m.7 views

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

6.5CVSS0.04841EPSS
Exploits0References5
Rows per page
Query Builder