Lucene search
K

19629 matches found

Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.7 views

PT-2026-5469

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.5AI score0.02255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5423

A weakness has been identified in Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS6.9AI score0.026EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.7 views

PT-2026-5378

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

10CVSS6.2AI score0.00336EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/01/30 12:0 a.m.277 views

📄 n8n 2.0.0-rc.4 Remote Command Execution

n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...

10CVSS6AI score0.97875EPSS
Exploits40
Cvelist
Cvelist
added 2026/01/29 11:32 p.m.33 views

CVE-2026-1638 Tenda AC21 mDMZSetCfg command injection

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

6.5CVSS0.02027EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 11:32 p.m.6 views

CVE-2026-1638

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

6.5CVSS5.7AI score0.02027EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/01/29 11:32 p.m.5 views

EUVD-2026-5015

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

6.5CVSS5.7AI score0.02027EPSS
Exploits0References5
OSV
OSV
added 2026/01/29 10:15 p.m.3 views

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References5
OSV
OSV
added 2026/01/29 10:15 p.m.4 views

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

8.8CVSS5.6AI score
Exploits0References5
NVD
NVD
added 2026/01/29 10:15 p.m.9 views

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

8.8CVSS0.02568EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/29 10:2 p.m.33 views

CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

6.5CVSS0.02568EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/29 10:2 p.m.4 views

CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.2AI score0.02568EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 10:2 p.m.4 views

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

6.5CVSS5.7AI score0.02568EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/29 10:2 p.m.18 views

CVE-2026-1624

The data confirms a concrete vulnerability in D-Link DWR-M961 v1.1.47 affecting an unknown function in /boafrm/formLtefotaUpgradeFibocom. Manipulation of the argument fota_url enables command injection, with remote exploitation and publicly disclosed exploit information. No remediation details or...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 10:2 p.m.5 views

CVE-2026-1624 D-Link DWR-M961 formLtefotaUpgradeFibocom command injection

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

6.5CVSS5.3AI score0.02568EPSS
Exploits0References5
NVD
NVD
added 2026/01/29 9:15 p.m.12 views

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

6.5CVSS0.0218EPSS
Exploits1References6
OSV
OSV
added 2026/01/29 8:50 p.m.9 views

BIT-RUM-2022-50806 4images 1.9 - Remote Command Execution (RCE)

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...

8.6CVSS6.3AI score0.01088EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/29 8:32 p.m.6 views

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

6.5CVSS5.7AI score0.0218EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 8:32 p.m.5 views

CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

6.5CVSS5.7AI score0.0218EPSS
Exploits1References6
OSV
OSV
added 2026/01/29 7:16 p.m.5 views

CVE-2026-1601

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

5.3CVSS5.7AI score0.01936EPSS
Exploits1References6
Rows per page
Query Builder