CVE-2026-3801 Tenda i3 setAutoPing formSetAutoPing stack-based overflow

A vulnerability was found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-3798

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798 Comfast CF-AC100 Request Path mbox-config sub_44AC14 command injection

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

CVE-2026-3798 Comfast CF-AC100 Request Path mbox-config sub_44AC14 command injection

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is no...

Comfast CF-AC100 命令注入漏洞

The Comfast CF-AC100 is a wireless USB network card developed by Comfast Corporation. The Comfast CF-AC100 version 2.6.0.8 has a command injection vulnerability. This vulnerability stems from incorrect operations on the function sub44AC14 in the file/cgi-bin/mbox-config?method=SET§ion=pingconfig,...

PT-2026-24006

A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub 44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is...

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

EUVD-2026-10092

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

PT-2026-22875

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description The web-based Ping diagnostic utility '/IDC Ping/main.cgi' is susceptible to OS Command Injection. The applicati...

valkey: Valkey: Denial of Service via invalid clusterbus packet

A flaw was found in Valkey, a distributed key-value database. A malicious actor with access to the Valkey clusterbus port can exploit an input validation vulnerability by sending a specially crafted invalid clusterbus packet. This lack of validation for clusterbus ping extension packets can lead ...

CVE-2026-3101

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

SUSE CVE-2026-21863

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...

CVE-2026-3101

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...