135 matches found
Edimax BR-6428nS Command Injection Vulnerability
The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS has a command injection vulnerability. This vulnerability stems from improper handling of multiple parameters in the system function of the goform/formWlanM file during POST request...
MATLAB R2024a Code Execution / Information Disclosure
MATLAB R2024a suffers from a remote code execution vulnerability as well as a sandbox escape that allows for information disclosure...
CVE-2026-7140 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...
PT-2026-35529
A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...
CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
Zen C Operating System Command Injection Vulnerability
Zen C is a modern system programming language developed by z-libs. Versions of Zen C prior to 0.4.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the compiler’s main application logic, where the system function was used to execute...
Arbitrary Code Injection
cbpi4 is vulnerable to Arbitrary Code Injection. The vulnerability is due to lack of validation of the "logtime" URL parameter before passing it to the os.system function, which allows an attacker to execute arbitrary commands...
PT-2025-47230
Name of the Vulnerable Software and Affected Versions: D-Link DWR-M920 version 1.1.5; D-Link DWR-M921 version 1.1.5; D-Link DIR-822K version 1.1.5; D-Link DIR-825M version 1.1.5. Description: A security issue exists in D-Link devices that allows for command injection. The system function within the...
CVE-2025-60682
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...
EUVD-2006-3688
Malware in sbrugna...
EUVD-2025-27770
Malicious code in bioql PyPI...
EUVD-2025-19574
Malicious code in bioql PyPI...
CVE-2025-30055
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19814)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from a system function that fails to properly filter special elements of a constructed code segment. An attacker can exploit this vulnerability to execute...
CVE-2025-30055 Conditional RCE via the "system" function
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter...
CVE-2025-30055
Technical details are not publicly available in the provided documents. Monitor for updates.
D-Link DIR-816 A2 Code Execution Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...
CVE-2025-45931
An issue in D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file...