CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

CVE-2026-9296

Edimax BR-6428NS (firmware 1.10) contains a POST Request Handler vulnerability in /goform/formWlanM that allows command injection via manipulating arguments such as ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1…/readE2P. The issue is exploitable remotely, with a public exploit a...

MAL-2026-4484 Malicious code in ask-my-llm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9429d8e8e36f3d97c246ce408491ea570ab5d3f5e7cb2481a3c2ea4b7c8477b8 index.js requires childprocess and contains hardcoded POST calls to https://cows.info.gf at lines 67 and 100, alongside references to process.env at...

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

SUSE CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

MAL-2026-4600 Malicious code in loading-session (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 640bfe1e0b6627e78ec34ef2d97df0d5d29d912446883f284c15935cc8f6f996 Package advertises itself via a verbatim copy of pino's README, docs/, and index.d.ts TypeScript types and documentation are pino's, but index.js doe...

PT-2026-42874

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...

PT-2026-42875

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

Security update for cockpit (important)

openSUSE Security Update: Security update for cockpit Announcement ID: openSUSE-SU-2026:0176-1 Rating: important References: 1265040 Cross-References: CVE-2026-4802 CVSS scores: CVE-2026-4802 SUSE: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE...

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS has a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the system function of the goform/formWlanM file during POST request...

SIPp 安全漏洞

SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Versions of SIPp 3.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from local buffer overflows in the handling of command-line parameters, which could allow local attackers to...

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

PT-2026-42893

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn versions prior to 1.31 Description An OS command injection flaw exists in the webs component. The issue occurs within the formWpsStart function located in the '/goform/formWpsStart' endpoint when processing the pinCode...

MAL-2026-4512 Malicious code in chai-as-repaired (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...

CVE-2026-42827

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-41090

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...