CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/04 4:0 a.m.•18 views

CVE-2026-7730

CVE-2026-7730 affects privsim mcp-test-runner 0.2.0. The vulnerability is in the MCP Interface’s src/index.ts where the function child_process.spawn mishandles the argument command, enabling an os command injection. Impact may be remote; exploit publicly available. Documents do not provide remedi...

6.5CVSS6.4AI score0.01089EPSS

EUVD•added 2026/05/04 4:0 a.m.•44 views

EUVD-2026-26884

6.5CVSS5.6AI score0.01089EPSS

NVD•added 2026/05/04 3:16 a.m.•10 views

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

6.5CVSS0.00916EPSS

Exploits0References5

ATTACKERKB•added 2026/05/04 2:0 a.m.•7 views

CVE-2026-7721

Exploits0References5Affected Software1

ATTACKERKB•added 2026/05/04 1:45 a.m.•5 views

CVE-2026-7720

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

Exploits1References5Affected Software1

ATTACKERKB•added 2026/05/04 1:15 a.m.•2 views

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

6.5CVSS6.5AI score0.00916EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/04 1:15 a.m.•3 views

CVE-2026-7718 Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection

6.5CVSS6.5AI score0.00916EPSS

Exploits0References5

Positive Technologies•added 2026/05/04 12:0 a.m.•2 views

PT-2026-36750

A weakness has been identified in Totolink WA300 5.2cu.7112 B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack...

CNNVD•added 2026/05/04 12:0 a.m.•6 views

Exploits1References6

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The version 5.2cu.7112B20190227 of Totolink WA300 has a vulnerability caused by command injection. This vulnerability stems from the operation of the setLanguageCfg function in the POST Request Handler component’s...

6.5CVSS6.7AI score0.00916EPSS

Exploits1References1

CNNVD•added 2026/05/04 12:0 a.m.•6 views

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The Totolink WA300 5.2cu.7112B20190227 version has a vulnerability due to an issue with the function NTPSyncWithHost in the file/cgi-bin/cstecgi.cgi. This issue allows for command injection through the parameter...

6.5CVSS6.6AI score0.00916EPSS

Exploits0References1

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-36759

Name of the Vulnerable Software and Affected Versions privsim mcp-test-runner version 0.2.0 Description A flaw in the MCP Interface component allows for remote OS command injection. This occurs through the manipulation of the command argument within the child process.spawn function located in the...

6.5CVSS6.6AI score0.01089EPSS

Exploits0References8

Positive Technologies•added 2026/05/04 12:0 a.m.•5 views

PT-2026-36749

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description An issue exists in the POST Request Handler component where the manipulation of the webWlanIdx argument in the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi' endpoint allows for...

6.5CVSS6.9AI score0.00916EPSS

Exploits0References7

Positive Technologies•added 2026/05/04 12:0 a.m.•6 views

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

NVD•added 2026/05/03 11:16 p.m.•14 views

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.01158EPSS

Cvelist•added 2026/05/03 10:0 p.m.•40 views

CVE-2026-7705 JD Cloud JDCOS Service jdcap set_iptv_info command injection

6.5CVSS0.01158EPSS

ATTACKERKB•added 2026/05/03 10:0 p.m.•4 views

CVE-2026-7705

6.5CVSS6.3AI score0.01158EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/03 10:0 p.m.•23 views

EUVD-2026-26843

6.5CVSS6.3AI score0.01158EPSS

NVD•added 2026/05/03 2:16 p.m.•11 views

CVE-2026-7698

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

7.5CVSS0.01655EPSS