19649 matches found
CVE-2020-36910
Summary: CVE-2020-36910 affects Cayin Signage Media Player 3.0. An authenticated remote command injection exists in the system.cgi and wizard_system.cgi pages, exploitable via the NTP_Server_IP parameter with default credentials to run arbitrary shell commands as root. The vulnerability has a hig...
CVE-2026-0581
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can b...
PT-2026-1521
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE version 1.02 Description A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...
CVE-2025-67397
An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...
PT-2026-1325
Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...
PT-2026-1228
Name of the Vulnerable Software and Affected Versions Tenda AC1206 version 15.03.06.23 Description A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...
D-Link多款产品 访问控制错误漏洞
The D-Link DSL-2740R and other products are products of China AUO D-Link.The D-Link DSL-2740R is a high-performance ADSL router.The D-Link DSL-2640B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed...
CVE-2025-67397
An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...
CVE-2025-15391
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-15391
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...
CVE-2025-15391
CVE-2025-15391 affects D-Link DIR-806A 100CNb11. The issue stems from the SSDP Request Handler’s ssdpcgi_main function, which fails to properly filter constructed command characters, enabling remote arbitrary command execution via command injection. Multiple connected sources corroborate a remote...
CVE-2025-15257
A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...
CVE-2025-15256
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...
CVE-2025-15389 QNO Technology|VPN Firewall - OS Command Injection
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
EUVD-2022-55944
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...
CVE-2022-50691
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...
CVE-2022-50691
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...
CVE-2022-50691
CVE-2022-50691 affects MiniDVBLinux 5.4. The flaw is a Remote Command Execution via the GET parameter named command on the /tpl/commands.sh endpoint, allowing unauthenticated attackers to execute arbitrary commands with root privileges. Exploitation details in connected sources confirm network-ex...