31 matches found

ATTACKERKB
added 2026/04/26 11:30 p.m. | 1 views

CVE-2026-7067

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5 | AI score 5.2 | EPSS 0.02481
Exploits: 1 | References: 5

CVE
added 2026/03/23 9:13 p.m. | 8 views

CVE-2026-4611

TOTOLINK X6000R firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826 are affected. The vulnerability resides in the shttpd binary (/usr/sbin/shttpd) within the setLanCfg function, where manipulating the Hostname argument can trigger an OS command injection. The issue can be exploit...

CVSS 8.8 | AI score 6.8 | EPSS 0.0124
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/02/28 2:5 a.m. | 5 views

EUVD-2026-8922

osctrl is Vulnerable to OS Command Injection via Environment Configuration...

CVSS 8.4 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/26 10:59 p.m. | 2 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 8.4 | AI score 8 | EPSS 0.00025
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22225

Name of the Vulnerable Software and Affected Versions: osctrl versions prior to 0.5.0. Description: osctrl is a management solution for osquery. A command injection issue exists in the osctrl-admin environment configuration before version 0.5.0. An authenticated administrator can inject arbitrary...

CVSS 9.9 | AI score 6.7 | EPSS 0.07313
Exploits: 68 | References: 138

RedhatCVE
added 2026/01/13 10:52 p.m. | 2 views

CVE-2025-64093

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...

CVSS 10 | AI score 7.8 | EPSS 0.0007
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/10 8:2 a.m. | 3 views

CVE-2025-15502 Sangfor Operation and Maintenance Management System session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be...

CVSS 7.5 | AI score 6.6 | EPSS 0.00046
Exploits: 1 | References: 5

NVD
added 2026/01/09 10:15 a.m. | 2 views

CVE-2025-64093

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...

CVSS 10 | EPSS 0.0007
Exploits: 0 | References: 1

CVE
added 2026/01/09 10:4 a.m. | 11 views

CVE-2025-64093

CVE-2025-64093 is an unauthenticated Remote Code Execution affecting Zenitel ICX500/ICX510 exposed to networks. Public descriptions consistently state an attacker can inject arbitrary commands into the device hostname, enabling remote code execution with no user interaction. The CVSSv3.1 base sco...

CVSS 10 | AI score 7.4 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/01/09 10:4 a.m. | 1 views

CVE-2025-64093 Unauthenticated Remote Code Execution via the device hostname

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...

CVSS 10 | AI score 7.4 | EPSS 0.0007
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/09 12:0 a.m. | 3 views

PT-2026-1844

Name of the Vulnerable Software and Affected Versions: Zenitel ICX500 and ICX510. Description: A remote code execution issue exists that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. The issue allows for the execution of commands without requiring...

CVSS 10 | AI score 8 | EPSS 0.0007
Exploits: 0 | References: 8

CNNVD
added 2026/01/09 12:0 a.m. | 2 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

The Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from an unauthenticated attacker being able to inject arbitrary commands into the hostname of the device...

CVSS 10 | AI score 8.2 | EPSS 0.0007
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/15 11:33 a.m. | 14 views

CVE-2025-14659

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...

CVSS 9 | AI score 8.7 | EPSS 0.01692
Exploits: 1 | References: 1

OSV
added 2025/12/14 12:16 p.m. | 3 views

CVE-2025-14659

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...

CVSS 9.8 | AI score 5.6 | EPSS 0.01692
Exploits: 1 | References: 7

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-202296

A stored cross-site scripting (XSS) vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

AI score 5.2 | EPSS 0.00046
Exploits: 1 | References: 2

Vulnrichment
added 2025/12/09 12:0 a.m. | 2 views

CVE-2025-65289

A stored cross-site scripting (XSS) vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

AI score 5.3 | EPSS 0.00046
Exploits: 1 | References: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: libssh (TSSA-2024:0219)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0219 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 5.3 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 3

OSV
added 2025/05/07 6:15 p.m. | 1 views

DEBIAN-CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

CVSS 4.5 | AI score 4.9 | EPSS 0.00195
Exploits: 0 | References: 1

Microsoft CVE
added 2025/03/27 7:0 a.m. | 3 views

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

...

CVSS 4.8 | AI score 6.6 | EPSS 0.00051
Exploits: 0

OSV
added 2024/05/23 4:59 p.m. | 10 views

GHSA-25GQ-JVX2-VG9X Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

CVSS 7.2 | AI score 7.3
Exploits: 0 | References: 4