202 matches found
CVE-2026-22095
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095
The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...
CVE-2026-22095 Command injection in diagnosis web endpoint
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-12219
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
EUVD-2026-36692
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2026-12219
CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...
PT-2026-49180
Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the '/api/diagnosis/start' endpoint. The issue occurs within the mod diagnose.CommandShellByType function when the Time argument is...
MAStrike: Shapley-Guided Collusive Red-Teaming on Multi-Agent Systems
Hierarchical multi-agent systems MAS are rapidly being deployed in high-stakes workflows across domains such as finance and software engineering. In these systems, safety and security are inherently distributed across role-specialized agents, significantly expanding the attack surface, particular...
CVE-2026-5293
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2025-13605
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
CVE-2025-67447
The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...
SUSE CVE-2026-46027
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...
CVE-2026-46027
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...
CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...
PT-2026-43894
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the net/smc module where a CLC decline can be received during the early stages of a handshake, before the...
CVE-2026-9384
CVE-2026-9384 affects Totolink A8000RU (Firmware 7.1cu.643_b20200521) Web Management Interface, specifically the /cgi-bin/cstecgi.cgi function setDiagnosisCfg. The vulnerability arises from manipulation of the ip parameter, enabling os command injection. The issue is accessible remotely, with pub...
CVE-2026-5293
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-5293
The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...