CVE-2026-50872

The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...

PT-2026-49180

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2026-12187

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

CVE-2026-12187

CVE-2026-12187 affects GL.iNet GL‑MT3000 devices running firmware up to 4.4.5. The vulnerability is in an unknown function of the /usr/bin/one_click_upgrade component (Online Firmware Upgrade Handler) that allows remote command injection. Public disclosure and PoC details are indicated; exploitat...

CVE-2026-12186

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

CVE-2026-12186

GL.iNet GL-MT3000 is affected up to firmware 4.4.5. The vulnerability resides in the Tor Proxy Service Configuration Handler, specifically the replace_country function in the library /usr/lib/oui-httpd/rpc/tor, where input manipulation enables remote command injection. The issue can be exploited ...

EUVD-2026-36665

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

MAL-2026-5772 Malicious code in npx-whoami-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0971bcb88de070f17d932feff04cd6e66ecc825f606b412414457a3afb4ad174 The package's only code file index.js, also registered as the package's bin entry unconditionally executes require'childprocess'.execSync"bash -c...

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

ALPINE-CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

EUVD-2026-36660

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

CVE-2026-11527

CVE-2026-11527 affects Perl Config::IniFiles prior to 3.001000. The vulnerability arises when _make_filehandle opens the -file argument with Perl’s 2-arg open(); untrusted input passed to -file can be treated as a command or redirect (e.g., starting/ending with |, or >/>>), enabling OS c...