16791 matches found
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “enable” in the file...
MLflow 跨站脚本漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLFlow prior to 3.10.1 contain a cross-site scripting vulnerability. This vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2026-4631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An...
CVE-2026-5679 Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stunpass leads to os command injection. The exploit has been disclosed publicly and may be used...
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument configpath results in os command injection. Attacking locally is a requirement...
CVE-2026-5528
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...
CVE-2026-5528 MoussaabBadla code-screenshot-mcp HTTP os command injection
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...
CVE-2026-28798
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...
EUVD-2017-18961
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
EUVD-2017-18963
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...
PT-2026-30387
Name of the Vulnerable Software and Affected Versions MoussaabBadla code-screenshot-mcp versions up to 0.1.0 Description A security issue exists in the HTTP Interface component of MoussaabBadla code-screenshot-mcp. This allows for os command injection, potentially enabling remote attacks. The...
CVE-2017-20236
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20238
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...
CVE-2017-20236
The CVE concerns ProSoft Technology ICX35-HWC cellular gateways (versions 1.3 and earlier) with an input validation weakness in the web user interface. The flaw allows remote attackers to inject and execute system commands via unvalidated fields, enabling root privilege escalation and arbitrary c...
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20236
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20235
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20238
Hirschmann Industrial HiVision (versions 06.0.00 and 07.0.00 before 06.0.06 and 07.0.01) contains an improper authorization vulnerability that lets read-only users gain write access to managed devices by bypassing access controls. The issue affects multiple interfaces, including the web UI and SN...