CVE-2026-9387

CVE-2026-9387 affects Totolink A8000RU Web Management, specifically the /cgi-bin/cstecgi.cgi function setUpgradeFW. The vulnerability arises from manipulation of the resetFlags argument, leading to OS command injection. Impact is described as remote, with high confidentiality, integrity, and avai...

Malicious code in react-malicious-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f03498aa5167e02289d4c8984282f6a1b6321af60fb9ff04d0ce9503faefffdd Package name impersonates React and the package.json copies React's description, homepage react.dev, bugs URL, and canary versioning scheme. On...

CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

CVE-2026-9385

Totolink A8000RU Web Management (cgi-bin/cstecgi.cgi: setTracerouteCfg) is vulnerable to os command injection due to argument manipulation. Affects version 7.1cu.643_b20200521; vulnerability is remotely exploitable and exploit publicly disclosed. Public details indicate high impact on confidentia...

EUVD-2026-31594

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

CVE-2026-9384 Totolink A8000RU Web Management cstecgi.cgi setDiagnosisCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

CVE-2026-9384

CVE-2026-9384 affects Totolink A8000RU (Firmware 7.1cu.643_b20200521) Web Management Interface, specifically the /cgi-bin/cstecgi.cgi function setDiagnosisCfg. The vulnerability arises from manipulation of the ip parameter, enabling os command injection. The issue is accessible remotely, with pub...

CVE-2026-9383

The CVE affects itsourcecode Electronic Judging System 1.0. The vulnerability exists in /intrams/admin/login.php where manipulation of the Username parameter enables SQL injection. This allows remote exploitation, as stated. The exploit is public. No additional remediation details are provided in...

EUVD-2026-31595

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2026-9383

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVE-2026-9367 NousResearch hermes-agent terminal_tool approval.py detect_dangerous_command os command injection

A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detectdangerouscommand of the file tools/approval.py of the component terminaltool. This manipulation causes os command injection. It is possible to initiate the...

CVE-2026-9367

CVE-2026-9367 affects NousResearch hermes-agent (component: terminal_tool, file: tools/approval.py, function: detect_dangerous_command). The issue enables an OS command injection due to a manipulation in detect_dangerous_command, with a remote attack possible. Public exploit information is report...

CVE-2026-9355

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

CVE-2026-9356

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

CVE-2026-9356 SourceCodester Hospitals Patient Records Management System manage_history.php sql injection

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

EUVD-2026-31569

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...