19613 matches found
CVE-2026-5101
Totolink A3300R 17.0.0cu.557_b20221024 is affected. The vulnerability resides in the Parameter Handler’s /cgi-bin/cstecgi.cgi, specifically the setLanCfg function, where manipulating the lanIp argument leads to command injection. Remote exploitation is possible, and an exploit is publicly availab...
CVE-2026-34005
In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...
CVE-2026-5041
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...
CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...
CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...
CVE-2026-5041
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...
EUVD-2026-16971
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5020
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...
CVE-2026-5020
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...
CVE-2026-5020 Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...
PT-2026-28755
A vulnerability was identified in Totolink A3300R 17.0.0cu.557 b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...
EUVD-2026-16943
A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...
CVE-2026-5012
A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...
CVE-2026-5012
A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4620
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
PT-2026-28726
Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A flaw exists in elecV2, specifically in the pm2run function within the /rpc file. A manipulation of this function can lead to operating system command injection. This issue can be exploited remotely...
Generic HTTP Command Execution
This module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells such as: It is likely that HTTP evasion option...
CVE-2021-27489
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands...