CVE-2026-7037

Totolink A8000RU 7.1cu.643_b20200521 is affected by a vulnerability in the CGI Handler at /cgi-bin/cstecgi.cgi, function setVpnPassCfg. Manipulation of the pptpPassThru argument enables OS command injection, with remote execution possible. The exploit is publicly released and can be used for atta...

CVE-2026-7037 Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...

SSH MCP Server 注入漏洞

SSH MCP Server is a tool developed by Tufan Tunç for remotely executing Shell commands via SSH. Versions of SSH MCP Server 1.5.0 and earlier have a vulnerability due to improper handling of the Description parameter in the shell.write function of the src/index.ts file, which may lead to command...

PT-2026-35220

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection flaw exists in the CGI Handler component. Remote, unauthenticated attackers can execute arbitrary operating system commands by manipulating the pptpPassThru...

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVE-2026-6989

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6989

CVE-2026-6989 affects Tenda F453 firmware up to version 1.0.0.3. The vulnerable component is the Telnet Service, specifically the TendaTelnet function in /goform/telnet. Successful exploitation enables command injection via a remote network attack without user interaction, with attackers possibly...

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6980

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

EUVD-2026-25656

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

PT-2026-37185

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description LiteLLM is a proxy server AI Gateway used to call LLM APIs in OpenAI or native format. The endpoints 'POST /mcp-rest/test/connection' and 'POST /mcp-rest/test/tools/list', used to preview an M...

PT-2026-35165

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

EUVD-2026-25569

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

CVE-2026-39920

BridgeHead FileStore before version 24A exposes the Apache Axis2 administration module on network endpoints with default credentials, allowing unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate using default credentials, upload a malicious Java archive a...

CVE-2026-31166

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...