CVE-2026-3662

CVE-2026-3662 affects Wavlink WL-NU516U1 240425; vulnerable component is usb_p910 in /cgi-bin/adm.cgi. Manipulating the Pr_mode argument enables command injection, with remote access. Exploit disclosed publicly and vendor was contacted early. CVSS and related metrics exist across sources (includi...

CVE-2026-3662 Wavlink WL-NU516U1 adm.cgi usb_p910 command injection

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVE-2026-3662 Wavlink WL-NU516U1 adm.cgi usb_p910 command injection

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVE-2026-3661

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

PT-2026-23889

Name of the Vulnerable Software and Affected Versions RyuzakiShinji biome-mcp-server versions up to 1.0.0 Description A security flaw exists in RyuzakiShinji biome-mcp-server up to version 1.0.0, related to an unknown functionality within the biome-mcp-server.ts file. A manipulation of this...

PT-2026-23856

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr mode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

PT-2026-23781

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch contains an OS command injection issue in the /goform/PingTestSet API endpoint. Unauthenticated remote attackers can execute...

EUVD-2026-9964

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmwareurl causes command injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-3612

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmwareurl causes command injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-3612

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmwareurl causes command injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-3612 Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmwareurl causes command injection. It is possible to initiate the attack remotely. The exploit h...

PT-2026-23624

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 version V240425 Description A command injection issue exists in the OTA Online Upgrade component of the Wavlink WL-NU516U1 V240425. The issue is located in the sub 405AF4 function of the /cgi-bin/adm.cgi file. Manipulation o...

NewStart CGSL MAIN 6.06 (SP) : vim Vulnerability (NS-SA-2026-0010)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated...

CVE-2026-3485

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

📄 Juniper JunosEvolved Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...

Unity Linux 20.1060e / 20.1070e Security Update: atril (UTSA-2026-005397)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005397 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in...

CVE-2025-52365

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...

GHSA-XC68-RRQC-QGQ3 MCP NMAP Server has an Injection vulnerability

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

CVE-2026-1775

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...