EUVD-2026-26014

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setOpenVpnClientCfg function in the CGI Handler component, specifically the handling of the...

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

EUVD-2026-25959

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

EUVD-2026-25923

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVE-2026-7154 Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument ttyserver can lead to os command injection. The attack can be launched...

CVE-2026-7152

Totolink A8000RU (firmware 7.1cu.643_b20200521) is affected by a vulnerability in the CGI Handler function setTelnetCfg (file /cgi-bin/cstecgi.cgi). The issue stems from manipulating the telnet_enabled argument, enabling OS command injection. It can be exploited remotely, and a publicly available...

CVE-2026-7137

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack ...

EUVD-2026-25865

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

CVE-2026-7125

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely. T...

CVE-2026-7122 Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-7096 Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-33277

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...

PT-2026-35275

Name of the Vulnerable Software and Affected Versions LogonTracer versions prior to 2.0.0 Description An OS command injection issue allows a logged-in user to execute arbitrary operating system commands. Recommendations Update to version 2.0.0 or later...

PT-2026-35520

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet enabled leads to os command injection. It is possible to launch the...

CVE-2026-7064

CVE-2026-7064 affects AgentDeskAI browser-tools-mcp (up to version 1.2.0). The flaw involves a manipulation in the file browser-tools-server/browser-connector.ts that can enable os command injection. Reported as exploitable from remote, with an exploit published. Details in the connected document...

EUVD-2026-25731

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

CVE-2026-7061 Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

CVE-2026-7061

The CVE-2026-7061 entry affects Toowiredd chatgpt-mcp-server up to version 0.1.0. The vulnerability is in the MCP/HTTP component, specifically the file src/services/docker.service.ts, where a manipulation leads to an OS command injection. Remote exploitation is possible and the exploit has been m...