19 matches found
CVE-2026-3798
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET§ion=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...
PT-2026-24006
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub 44AC14 of the file /cgi-bin/mbox-config?method=SET§ion=ping config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...
CVE-2026-3125 SSRF vulnerability in opennextjs-cloudflare via /cdn-cgi/ path normalization bypass
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11490
CVE-2025-11490 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in the function extractBaseCommand (src/command-manager.ts) of the Absolute Path Handler, enabling remote OS command injection. Public exploit details exist and multiple sources describe exploitation via cr...
PT-2025-41300
Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A flaw exists within the software that allows for operating system command injection. This occurs due to improper handling of commands within the extractBaseCommand function...
EUVD-2025-8036
Malicious code in bioql PyPI...
CVE-2025-7552 Dromara Northstar Path AuthorizationInterceptor.java preHandle access control
A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. The manipulation ...
CVE-2025-2716
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2025-2716
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2025-2716 China Mobile P22g-CIac Samba Path path traversal
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2025-2716 China Mobile P22g-CIac Samba Path path traversal
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2025-2716
CVE-2025-2716 affects China Mobile P22g-CIac 1.0.00.488. According to multiple sources, the vulnerability originates from an issue in the Samba Path Handler component, enabling path traversal. The attack is described as remote and publicly disclosed, with the vendor reportedly unresponsive. The C...
CVE-2025-2618 D-Link DAP-1620 Path api set_ws_action heap-based overflow
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function setwsaction of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit...
PT-2006-5230 · Phlymail · Phlymail Lite
Name of the Vulnerable Software and Affected Versions: PHlyMail Lite versions 3.4.4 and earlier Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the PM pathhandler parameter. This is a different attack vector. Note that this issue has been...