CVE-2026-38060

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

CVE-2026-38060

The CVE-2026-38060 entry concerns Tenda 5G03 V05.03.02.04 (Version 1.0) with a vulnerability in the function action_unlock_sim, exploitable via the pin parameter to enable command injection. The mapped CVSS 3.1 base score is 9.8 (CRITICAL) with Network attack vector, no privileges required, no us...

PT-2026-49291

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action unlock sim function through the pin parameter. Recommendations At the moment, there is no information about a newer version that contains a fix...

CVE-2026-50874

Summary: CVE-2026-50874 describes an OS command injection in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0. The vulnerability allows an attacker to execute arbitrary commands by supplying crafted input. This flaw is documented across multiple feeds (NVD/NVD-derived en...

PT-2026-49295

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action dial call function through the dialNumber parameter. Recommendations At the moment, there is no information about a newer version that contains...

CVE-2026-38064

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

CVE-2026-50874

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

PT-2026-49182

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack nee...

CVE-2026-38063

CVE-2026-38063 affects Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability is a command injection in the function action_radio_on_with_ia_apn via the ia parameter. CVSS 3.1 base score 9.8 (Network, No auth, No user interaction). Exploitation status and concrete remediation details are not pr...

PT-2026-49294

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action radio on with ia apn function through the ia parameter. Command injection is a flaw that allows an attacker to execute arbitrary operating syst...

PT-2026-49312

Name of the Vulnerable Software and Affected Versions kanishka-linux Reminiscence version 0.3.0 Description An OS command injection flaw exists in the media archiving and export pipeline component. This allows attackers to execute arbitrary commands on the operating system by providing a speciall...

PT-2026-49296

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action ims on with apn function through the ims apn parameter. Recommendations At the moment, there is no information about a newer version that...

PT-2026-49292

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action set volume function through the volume parameter. Recommendations At the moment, there is no information about a newer version that contains a...

PT-2026-49536

Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...

Qnap QTS and QuTS hero OS Command Injection (CVE-2026-24719)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVE-2026-50872

The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...

PT-2026-49180

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

PT-2026-49313

Name of the Vulnerable Software and Affected Versions fossar selfoss version 2.20-SNAPSHOT Description An issue in the loopback request handling component allows attackers to execute arbitrary commands and obtain sensitive information by supplying a crafted HTTP request. Recommendations At the...