146586 matches found

Positive Technologies
added 2026/05/26 12:0 a.m. | 13 views

PT-2026-43248

A vulnerability has been found in Totolink N300RH 6.1c.1353 B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely...

CVSS 10 | AI score 7 | EPSS 0.02133
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/26 12:0 a.m. | 20 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

CVSS 8.8 | AI score 6.1 | EPSS 0.02671
Exploits: 0 | References: 4

CNNVD
added 2026/05/26 12:0 a.m. | 13 views

luci-app-https-dns-proxy command injection vulnerability

Luci-app-https-dns-proxy is an OpenWrt DNS-over-HTTPS proxy with a web management interface, developed by Stan Grishin. Versions of Luci-app-https-dns-proxy dated back to December 29, 2025, and earlier have a command injection vulnerability. This vulnerability stems from command injection in the...

CVSS 8.8 | AI score 6.1 | EPSS 0.02671
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/26 12:0 a.m. | 18 views

PT-2026-43188

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 6.4 | EPSS 0.01803
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/26 12:0 a.m. | 8 views

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniper_plugin/fastnetmon_juniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

AI score 6 | EPSS 0.01645
Exploits: 1 | References: 3

Vulnrichment
added 2026/05/26 12:0 a.m. | 9 views

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

AI score 5.9 | EPSS 0.0107
Exploits: 0 | References: 3

CVE
added 2026/05/26 12:0 a.m. | 16 views

CVE-2026-48687

CVE-2026-48687 affects FastNetMon Community Edition up to 1.2.9, specifically the Juniper router integration plugin. The OS command injection stems from the PHP file src/juniper_plugin/fastnetmon_juniper.php (log function) which builds shell commands by concatenating unsanitized user data from ar...

CVSS 9.8 | AI score 6 | EPSS 0.01645
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/26 12:0 a.m. | 7 views

PT-2026-43256

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.22.10; Samba versions prior to 4.23.8; Samba versions prior to 4.24.3. Description: A flaw exists in the Samba printing subsystem where the software passes a client-controlled job description string to the command...

CVSS 10 | AI score 6.3 | EPSS 0.12797
Exploits: 7 | References: 118

Positive Technologies
added 2026/05/26 12:0 a.m. | 16 views

PT-2026-43192

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

CVSS 6.5 | AI score 6.3 | EPSS 0.01803
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/26 12:0 a.m. | 10 views

PT-2026-43328

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.0105
Exploits: 0 | References: 6

Samba
added 2026/05/26 12:0 a.m. | 10 views

Unauthenticated Remote Code Execution

Description: Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. This leads to a remote code execution vulnerability. Print servers configured with "printing...

CVSS 9.8 | AI score 6.4 | EPSS 0.12797
Exploits: 7

CVE
added 2026/05/26 12:0 a.m. | 19 views

CVE-2026-48695

CVE-2026-48695: FastNetMon Community Edition

CVSS 8.1 | AI score 5.9 | EPSS 0.0107
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/05/26 12:0 a.m. | 9 views

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniper_plugin/fastnetmon_juniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVSS 9.8 | AI score 6 | EPSS 0.01645
Exploits: 1

Debian CVE
added 2026/05/26 12:0 a.m. | 7 views

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVSS 8.1 | AI score 5.9 | EPSS 0.0107
Exploits: 0

Tenable Nessus
added 2026/05/26 12:0 a.m. | 13 views

TencentOS Server 3: vim (TSSA-2026:0350)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0350 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 8.2 | AI score 6.5 | EPSS 0.0047
Exploits: 0 | References: 2

Amazon
added 2026/05/26 12:0 a.m. | 21 views

Important: kernel-livepatch-6.12.83-113.160

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 In the Linux kernel, the...

CVSS 8.8 | AI score 6 | EPSS 0.93235
Exploits: 42

Amazon
added 2026/05/26 12:0 a.m. | 13 views

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.170-208.319 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 7.8 | AI score 5.2 | EPSS 0.00269
Exploits: 3

Amazon
added 2026/05/26 12:0 a.m. | 15 views

Important: valkey

Issue Overview: Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated...

CVSS 8.8 | AI score 6.1 | EPSS 0.02995
Exploits: 4

Positive Technologies
added 2026/05/26 12:0 a.m. | 15 views

PT-2026-43300

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python checks.yml embeds $ github.event.pull request.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run tests model gen...

CVSS 5 | AI score 6.1 | EPSS 0.00469
Exploits: 1 | References: 3

NVD
added 2026/05/25 11:16 p.m. | 15 views

CVE-2026-9512

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

CVSS 6.5 | EPSS 0.01057
Exploits: 0 | References: 5