Lucene search
K

890 matches found

Cvelist
Cvelist
added yesterday7 views

CVE-2026-15428 OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with...

8.5CVSS
Exploits0References2
NVD
NVD
added 2026/07/07 2:16 p.m.7 views

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS0.01196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 1:7 p.m.38 views

CVE-2026-53479

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command...

7.2CVSS0.01196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:22 p.m.34 views

CVE-2026-58457 Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp

Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilterconf handler in the commuos web backend. Attackers...

9.8CVSS0.01671EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 1:16 p.m.13 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS0.0023EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:8 p.m.5 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 12:0 a.m.8 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 12:0 a.m.9 views

EUVD-2026-37919

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 12:0 a.m.24 views

CVE-2026-38714

CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...

9.8CVSS6AI score0.01316EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/16 10:18 a.m.35 views

CVE-2026-10829

CVE-2026-10829 affects the NPort W2150A-W4 / W2250A-W4 Series (versions 1.5 and earlier). The issue is a stack-based buffer overflow caused by insufficient input validation of the "Server location" parameter on the Basic settings web page. An attacker can send crafted input to the web service to ...

8.6CVSS6.6AI score0.00472EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/11 11:11 a.m.19 views

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

10CVSS6AI score0.99041EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

9.8CVSS5.6AI score0.01243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

9.8CVSS5.6AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from a stack buffer overflow in the gdv-serverconfig module, which could allow remote attackers to...

8.8CVSS5.9AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

MBS多款产品 安全漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may allow remote attackers to gain full system access as root...

8.8CVSS5.8AI score0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.66 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to 14SU6 Cisco Unified Communications Manager versions prior to 15SU5 Cisco Unified Communications Manager Session Management Edition affected versions not specified Description An...

8.6CVSS7.7AI score0.41694EPSS
Exploits3References180
NVD
NVD
added 2026/06/02 4:16 p.m.18 views

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

8.8CVSS0.00599EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.16 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

9.8CVSS0.01243EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.21 views

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

9.8CVSS0.01243EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.28 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

9.8CVSS0.01269EPSS
Exploits0References1
Rows per page
Query Builder