19630 matches found
CVE-2026-1601
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-1601
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-1601
Totolink A7000R 4.1cu.4154 contains a remote command-injection flaw in the CGI handler /cgi-bin/cstecgi.cgi, in setUploadUserData. Manipulating the FileName argument allows arbitrary command execution on the device. Public PoC/exploits exist, enabling remote attacks with low privileges and no use...
EUVD-2026-4972
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-1596
A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. The attack is possible to be carried out remotely. The exploit has been published a...
CVE-2026-1596
The CVE-2026-1596 entry affects D-Link DWR-M961 firmware 1.1.47, specifically the function sub_419920 in /boafrm/formLtefotaUpgradeQuectel. The vulnerability arises from manipulation of the fota_url argument, enabling remote command injection. Public exploitations exist, indicating potential in-t...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
MAL-2026-601 Malicious code in tableautes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
CVE-2026-1506
A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /advmacfilter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has bee...
CVE-2026-1505
A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...
EUVD-2026-4846
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
PT-2026-5278
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
📄 Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution
A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
CVE-2025-69516
Amidaware Tactical RMM is affected by an SSTI in the /reporting/templates/preview/ endpoint (versions
PT-2026-5366
Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in the SMS Message component of D-Link DWR-M961 version 1.1.47. Specifically, the sub 4250E0 function within the /boafrm/formSmsManage file is susceptible to command injection. This occu...