Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

CVE-2026-9405

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation o...

PT-2026-31884

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the Totolink A7100RU router. The issue affects the setUrlFilterRules function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component. Manipulation of the...

CVE-2025-12214

CVE-2025-12214 affects Tenda O3 (outdoor wireless bridge) 1.0.0.10(2478). The vulnerability resides in the SetValue/GetValue function of the file /goform/sysAutoReboot, where improper validation of the enable argument leads to a stack-based buffer overflow. This can be triggered remotely and has ...