Lucene search
K

19630 matches found

OSV
OSV
added 2026/01/29 7:16 p.m.5 views

CVE-2026-1601

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

5.3CVSS5.7AI score0.01936EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/29 6:32 p.m.6 views

CVE-2026-1601

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS5.7AI score0.01936EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 6:32 p.m.6 views

CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS5.7AI score0.01936EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/29 6:32 p.m.31 views

CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS0.01936EPSS
Exploits1References6
CVE
CVE
added 2026/01/29 6:32 p.m.12 views

CVE-2026-1601

Totolink A7000R 4.1cu.4154 contains a remote command-injection flaw in the CGI handler /cgi-bin/cstecgi.cgi, in setUploadUserData. Manipulating the FileName argument allows arbitrary command execution on the device. Public PoC/exploits exist, enabling remote attacks with low privileges and no use...

6.5CVSS5.7AI score0.01936EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/01/29 6:32 p.m.10 views

EUVD-2026-4972

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS5.7AI score0.01936EPSS
Exploits1References6
NVD
NVD
added 2026/01/29 4:16 p.m.10 views

CVE-2026-1596

A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fotaurl causes command injection. The attack is possible to be carried out remotely. The exploit has been published a...

8.8CVSS0.01813EPSS
Exploits0References5
CVE
CVE
added 2026/01/29 3:32 p.m.27 views

CVE-2026-1596

The CVE-2026-1596 entry affects D-Link DWR-M961 firmware 1.1.47, specifically the function sub_419920 in /boafrm/formLtefotaUpgradeQuectel. The vulnerability arises from manipulation of the fota_url argument, enabling remote command injection. Public exploitations exist, indicating potential in-t...

8.8CVSS5.6AI score0.01813EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/29 3:16 p.m.11 views

CVE-2020-37002

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS0.00653EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37002

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/29 10:8 a.m.6 views

MAL-2026-601 Malicious code in tableautes (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.6 views

CVE-2026-1506

A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /advmacfilter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has bee...

8.6CVSS5.6AI score0.05071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.6 views

CVE-2026-1505

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /settempnodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

8.6CVSS5.6AI score0.04474EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/29 12:31 a.m.7 views

EUVD-2026-4846

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

6.5CVSS5.7AI score0.02769EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/01/29 12:0 a.m.4 views

CVE-2025-69516

A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...

8.8CVSS6.1AI score0.021EPSS
Exploits4References4
Vulnrichment
Vulnrichment
added 2026/01/29 12:0 a.m.3 views

CVE-2025-69516

A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...

6.1AI score0.021EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.10 views

PT-2026-5278

Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.136 views

📄 Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution

A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...

6.3AI score
Exploits0
CVE
CVE
added 2026/01/29 12:0 a.m.21 views

CVE-2025-69516

Amidaware Tactical RMM is affected by an SSTI in the /reporting/templates/preview/ endpoint (versions

8.8CVSS6.1AI score0.021EPSS
Exploits4References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.12 views

PT-2026-5366

Name of the Vulnerable Software and Affected Versions D-Link DWR-M961 version 1.1.47 Description A flaw exists in the SMS Message component of D-Link DWR-M961 version 1.1.47. Specifically, the sub 4250E0 function within the /boafrm/formSmsManage file is susceptible to command injection. This occu...

6.5CVSS6AI score0.02568EPSS
Exploits0References8
Rows per page
Query Builder