Lucene search
K

3875 matches found

Vulnrichment
Vulnrichment
added 2026/03/15 8:32 p.m.2 views

CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5CVSS6.2AI score0.01301EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/15 7:2 a.m.33 views

CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

10CVSS0.0207EPSS
Exploits0References4
CVE
CVE
added 2026/03/15 7:2 a.m.29 views

CVE-2026-4170

CVE-2026-4170 affects Topsec TopACM 3.0. The vulnerability resides in the HTTP Request Handler’s /view/systemConfig/management/nmc_sync.php function, where manipulating the argument template_path enables an unauthenticated remote OS command injection. The issue is remotely exploitable and publicl...

10CVSS7.1AI score0.0207EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/15 7:2 a.m.2 views

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

10CVSS5.7AI score0.0207EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/15 3:2 a.m.32 views

CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

10CVSS0.02057EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/15 3:2 a.m.2 views

CVE-2026-4164 Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

10CVSS5.5AI score0.02057EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.10 views

PT-2026-25571

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function cgi...

6.5CVSS6.2AI score0.03738EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.2 views

PT-2026-25567

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5CVSS5.4AI score0.01301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.4 views

PT-2026-25538

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete Mac list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit...

10CVSS5.5AI score0.02057EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.5 views

PT-2026-25572

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function RSS Get Update...

6.5CVSS6.2AI score0.16779EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.8 views

PT-2026-25570

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

6.5CVSS5.5AI score0.03499EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/14 10:32 p.m.1 views

CVE-2026-4163 Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...

10CVSS5.7AI score0.02103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/14 12:0 a.m.12 views

PT-2026-25511

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...

10CVSS7.1AI score0.02103EPSS
Exploits0References12
EUVD
EUVD
added 2026/03/11 3:31 p.m.7 views

EUVD-2026-11145

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS5.5AI score0.40802EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 12:32 p.m.8 views

CVE-2026-3943

CVE-2026-3943 affects H3C ACG1000-AK230. The vulnerability is a remote command-injection in an unknown part of /webui/?aaa_portal_auth_local_submit caused by manipulation of the argument suffix. Exploitation is possible without authentication and can be executed remotely; exploit details are publ...

7.5CVSS6.7AI score0.40802EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/11 12:32 p.m.95 views

CVE-2026-3943 H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

7.5CVSS0.40802EPSS
Exploits0References4
CVE
CVE
added 2026/03/11 3:11 a.m.9 views

CVE-2026-23814

This CVE concerns a vulnerability in the AOS-CX CLI where command parameters can be exploited to inject malicious commands by a low-privileged, authenticated remote attacker. The issue is actionable via network access, with no user interaction required, and it affects the ability to maintain conf...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 3:11 a.m.28 views

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

8.8CVSS0.0055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS5.5AI score0.02425EPSS
In wildExploits0References2
OpenVAS
OpenVAS
added 2026/03/11 12:0 a.m.2 views

Mageia: Security Advisory (MGASA-2026-0054)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.8AI score0.01596EPSS
Exploits2References5
Rows per page
Query Builder