15265 matches found
CVE-2026-31175
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34678
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34674
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-user parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34704
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34703
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34711
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31179
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34733
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-31162
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31178
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi, enabling arbitrary command execution. The CVE-2026-31178 entry lists network-based access with high impact to confidentiality, integrity, and availability. Connected sources conf...
Radare2 MCP Server 操作系统命令注入漏洞
Radare2 MCP Server is an open-source binary analysis tool based on Radare2 developed by the radare.org community. Versions of Radare2 MCP Server prior to version 1.6.0 contained a vulnerability related to operating system command injection. This vulnerability arises from operating system command...
Malicious code in process-support (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ba15c5dd66c6282ee21f8ee819191d6fbbbf194845ad231ac7d26856d334db70 During import, the package automatically starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing...
CVE-2026-26354
Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.10, and LTS2024 7.13.1.0–7.13.1.60 contains a stack-based Buffer Overflow vulnerability. An unauthenticated, remote attacker could potentially exploit this to achieve arbitrary command execution. ...
CVE-2026-26943
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
PT-2026-34533
Dell PowerProtect Data Domain with Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker...
GHSA-J2G9-RPRV-HRHC Dolibarr user with permission to edit PHP content can bypass filtering to restrict dangerous PHP functions
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...
MAL-2026-2963 Malicious code in typelimagic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans system for sensitive files, with the focus on crypto currency wallets, and exfiltrate them. Previous versio...
PT-2026-34015
Name of the Vulnerable Software and Affected Versions Bamboo Data Center versions 9.6.0 through 9.6.24 Bamboo Data Center versions 10.0.0 through 10.2.17 Bamboo Data Center versions 11.0.0 through 12.1.5 Description An OS Command Injection issue allows an authenticated attacker to achieve Remote...
VulnCheck KEV: CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...