Lucene search
K

202 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-22095

The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...

9.3CVSS6.1AI score0.00976EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 a.m.15 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:30 a.m.15 views

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:30 a.m.7 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 4:30 a.m.44 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 4:30 a.m.21 views

CVE-2026-12219

CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49180

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the '/api/diagnosis/start' endpoint. The issue occurs within the mod diagnose.CommandShellByType function when the Time argument is...

6.5CVSS6.9AI score0.0105EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.17 views

MAStrike: Shapley-Guided Collusive Red-Teaming on Multi-Agent Systems

Hierarchical multi-agent systems MAS are rapidly being deployed in high-stakes workflows across domains such as finance and software engineering. In these systems, safety and security are inherently distributed across role-specialized agents, significantly expanding the attack surface, particular...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5293

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

6.4CVSS5.7AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 12:0 a.m.33 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS0.01026EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.11 views

SUSE CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

5.5CVSS5.7AI score0.00501EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:56 p.m.8 views

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

7.5CVSS5.7AI score0.00501EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.47 views

CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

7.5CVSS0.00501EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43894

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the net/smc module where a CLC decline can be received during the early stages of a handshake, before the...

7.5CVSS5.9AI score0.00501EPSS
Exploits0
CVE
CVE
added 2026/05/24 1:30 p.m.29 views

CVE-2026-9384

CVE-2026-9384 affects Totolink A8000RU (Firmware 7.1cu.643_b20200521) Web Management Interface, specifically the /cgi-bin/cstecgi.cgi function setDiagnosisCfg. The vulnerability arises from manipulation of the ip parameter, enabling os command injection. The issue is accessible remotely, with pub...

10CVSS7AI score0.01732EPSS
Exploits0References5
NVD
NVD
added 2026/05/20 2:16 a.m.18 views

CVE-2026-5293

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

6.4CVSS0.00308EPSS
Exploits0References9
CVE
CVE
added 2026/05/20 1:25 a.m.20 views

CVE-2026-5293

The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...

6.4CVSS6AI score0.00308EPSS
Exploits0References9
Rows per page
Query Builder