19630 matches found
ROS-20260623-73-0016
Vulnerability in Python 3.13 related to the failure to take measures for data cleaning at the management level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0014
Vulnerability in Python 3.11 related to the lack of measures taken to clean data at the management level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0012
Vulnerability in Python 3.9 related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0011
The vulnerability in Python3 is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2026-12815
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...
Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1845)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1845 advisory. During the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute...
CVE-2026-12815 coollabsio coolify Image Name os command injection
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...
CVE-2026-12815
A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...
CVE-2026-12814
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...
CVE-2026-12809
A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...
CVE-2026-12810 Edimax BR-6478AC V2 POST Request mp command injection
A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...
CVE-2026-12809
Edimax BR-6478AC V2 firmware 1.23 is affected by a command injection in the POST Request Handler, specifically in wiz_5in1_redirect (/goform/wiz_5in1_redirect) where manipulation of the newpass argument enables remote code execution. Attack vector is network-based and requires no user interaction...
CVE-2026-12809 Edimax BR-6478AC V2 POST Request wiz_5in1_redirect command injection
A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...
CVE-2026-12808
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicl...
CVE-2026-12807
A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack...
CVE-2026-12808
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicl...
CVE-2026-12808 Edimax BR-6478AC V2 POST Request stainfo command injection
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicl...
CVE-2026-12807
A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack...
CVE-2026-12807
The CVE affects Edimax BR-6478AC V2, version 1.23, where the vulnerable component is the POST Request Handler function setWAN (file /goform/setWAN). Maliciously crafted values for pppUserName, pptpUserName, or L2TPUserName enable command injection, allowing a remote attacker to execute commands. ...
EUVD-2025-210293
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...