📄 motionEye 0.43.1b4 Remote Command Injection

A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

📄 Redash 25.8.0 Password Hash Extraction

This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-2629 jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

GO-2026-4448 Gogs's update .git/config file allows remote command execution in gogs.io/gogs

Gogs's update .git/config file allows remote command execution in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2615

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2615 Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument delflag can lead to command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-2529

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist results in command injection. The attack can be executed remotely. The vendor was contacted ear...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-2533

A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/toseidatasend.php. Executing a manipulation of the argument adrtxt1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-2534

A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub44AC4C of the file /cgi-bin/mbox-config?method=SET=ptestbandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-2526

A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multissid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could b...

PT-2026-20333

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 versions up to 20251208 Description A flaw exists in Wavlink WL-NU516U1 that could allow for remote command injection. The issue is located in the singlePortForwardDelete function within the /cgi-bin/firewall.cgi file...

VulnCheck KEV: CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

PT-2026-20301

Name of the Vulnerable Software and Affected Versions Dell SmartFabric OS10 Software versions prior to 10.5.6.12 Description Dell SmartFabric OS10 Software is affected by an issue related to improper neutralization of special elements used in a command, potentially leading to command execution. A...