19607 matches found
CVE-2025-41265
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...
CVE-2025-41279
CVE-2025-41279 concerns Nozomi Networks Waterfall WF-500 RX Host (Administration WebUI). A CWE-78 OS Command Injection vulnerability in version 7.9.1.0 R2502171040 allows remote authenticated attackers to execute arbitrary OS commands on the WF-500 RX Host. The underlying root cause is improper n...
CVE-2025-41269
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
PT-2026-44834
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-432BRP version 3.10B20 Description Command injection is possible through the remote manipulation of the ip/mask/gateway argument within the formSetRoute function of the '/goform/formSetRoute' endpoint. Command injection is a flaw...
TRENDnet TEW-432BRP 安全漏洞
TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from command injection in the file/goform/formSetRoute, where parameters such as ip, mask, and gateway can be used to...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...
PT-2026-44835
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-44461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable key...
CVE-2026-9440
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...
CVE-2026-9511
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The...
CVE-2026-9476
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-9458
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed fr...
CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
UBUNTU-CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
CVE-2026-44461
The CVE affects the Zed code editor prior to version 0.227.1. When Zed builds SSH/WSL remote commands, it places environment variable keys into the shell command string without proper quoting or validation. If an attacker can control an environment variable key (e.g., via project terminal setting...
CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
CVE-2026-44461 Zed: Remote Command Injection via Unquoted Environment Variable Keys (SSH / WSL Remote)
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
CVE-2026-44461 Zed: Remote Command Injection via Unquoted Environment Variable Keys (SSH / WSL Remote)
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
EUVD-2026-32936
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
CVE-2026-9565
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...