Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19614 matches found

CVE
CVEadded 2026/03/23 11:15 a.m.25 views

CVE-2026-4585

Tiandy Easy7 Integrated Management Platform up to 7.17.0 is affected by CVE-2026-4585. The vulnerability resides in the Configuration Handler, specifically the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp, where manipulation of the File argument leads to an OS command injection. The ...

10CVSS6.8AI score0.03312EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.9 views

PT-2026-27220

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

8.6CVSS6.8AI score0.03034EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEVadded 2026/03/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2020-9374

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature...

9.8CVSS6AI score0.42047EPSS
In wildExploits4References2
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.3 views

PT-2026-27217

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP Model Context Protocol server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

8.6CVSS5.9AI score0.00362EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.6 views

PT-2026-27143

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit...

5.8CVSS5.5AI score0.02097EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/03/23 12:0 a.m.3 views

RHEL 9 : python3.9 (RHSA-2026:5218)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5218 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6CVSS7.1AI score0.0056EPSS
Exploits0References9
EUVD
EUVDadded 2026/03/22 6:30 p.m.4 views

EUVD-2026-14333

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

9CVSS6.9AI score0.03628EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/03/22 5:29 p.m.4 views

CVE-2026-4558

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

9CVSS6.9AI score0.03628EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/22 5:29 p.m.2 views

CVE-2026-4558 Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

9CVSS5.5AI score0.03628EPSS
Exploits1References5
CVE
CVEadded 2026/03/22 5:29 p.m.27 views

CVE-2026-4558

CVE-2026-4558 affects Linksys MR9600 (firmware 2.0.6.206937). The vulnerability lies in the SmartConnect.lua function smartConnectConfigure, where manipulation of the arguments configApSsid, configApPassphrase, srpLogin, or srpPassword can lead to an OS command injection. The attack can be launch...

9CVSS6.9AI score0.03628EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/03/22 5:17 p.m.4 views

CVE-2026-33319

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

7.5CVSS0.00323EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/22 4:51 p.m.39 views

CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

6.5CVSS0.03411EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/22 4:29 p.m.6 views

CVE-2026-33319

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

5.9CVSS6AI score0.00323EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2026/03/22 10:16 a.m.2 views

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS0.03379EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/03/22 9:23 a.m.1 views

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS6.3AI score0.03379EPSS
Exploits1References6Affected Software1
Cvelist
Cvelistadded 2026/03/22 9:23 a.m.27 views

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS0.03379EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2026/03/22 9:23 a.m.2 views

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS5.5AI score0.03379EPSS
Exploits1References6
CVE
CVEadded 2026/03/22 9:23 a.m.10 views

CVE-2026-4543

CVE-2026-4543 affects Wavlink WL-WN578W2 (model 221110). The vulnerability resides in the POST Request Handler within /cgi-bin/firewall.cgi. The root cause is a manipulation of the arguments dmz_flag and del_flag, enabling command injection. It can be triggered remotely, and exploitation details ...

6.5CVSS6.3AI score0.03379EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/22 4:2 a.m.1 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/22 4:2 a.m.2 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References7
Rows per page
Query Builder