> [!NOTE] > **This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations**. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new advisory to make it clear that all vulnerabilities concerning this feature are disclosed. > > Fo

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as such it will be run by the shell in use. To exploit this bug, the victim must use a netcat or a similar p

### Summary Two `Net::IMAP` commands, `#id` and `#enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. ### Details When `Net::IMAP#id` is called with a hash argument, although the ID field value strin

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. ### Details Raw data arguments support embedded literal values, both synchronizing and non-synchronizing. Non-s

### Summary `shell-quote`'s `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (`\n`, `\r`, U+2028, U+2029). A line terminator in `.op` therefore passed through unescaped into the output; POSIX shells treat a literal `\

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchRefs() functions. An attacker can execute arbitrary operating system commands as the process user by supplying a specially crafted git repository name.

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called f83e0dcaf8cf18de94828341b0a1a61a86c75b

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been public

GL.iNet GL-MT3000路由器固件版本4.4.5及之前存在命令注入漏洞。漏洞位于/cgi-bin/glc文件的SET_USER_PWD处理器函数FUN_0042e200中，攻击者可通过远程发送特制的Password参数，实现命令注入。尽管厂商在版本4.8.1中声称已转义单引号并阻止了报告中的特定payload，但NVD仍确认该漏洞存在，且CVSS评分7.3（高危）。攻击者无需认证即可远程利用，可能导致设备被完全控制。建议用户立即升级到4.8.1或更高版本，并限制管理接口的网络暴露。

CVE-2026-11451 是 GL.iNet GL-MT3000 路由器固件 4.4.5 中的一个远程命令注入漏洞。漏洞存在于 /cgi-bin/glc 文件的 FTP 协议处理器组件中，具体位于 snprintf 函数。攻击者可以通过操纵参数 media_dir 实现命令注入，无需身份验证即可远程利用。成功利用可导致攻击者在设备上以低权限执行任意命令，影响保密性、完整性和可用性（CVSS 3.1 得分 7.3，高危）。厂商表示在 4.8.1 版本中，通过在将 media_dir 写入 FTP 配置命令前使用 escape_single_quote() 转义单引号来修复。厂商验证表明，依赖闭合单引号、追加命令和注释的 payload 在 4.8.1 下无法执行，只会作为普通配置写入 /etc/vsftpd.conf，不会触发 shell 命令。因此，该漏洞在 4.8.1 版本中已被有效修复。截至分析时，该漏洞未被列入已知利用列表（KEV），也未有在野利用的报告。建议所有运行 4.4.5 及更早版本的用户立即升级到 4.8.1，并限制设备的管理界面和 FTP 服务仅对可信网络暴露。

CVE-2026-11450 是影响 GL.iNet GL-MT3000 路由器（固件版本 4.4.5）的一个命令注入漏洞。漏洞位于 /usr/lib/oui-httpd/rpc/ 库的 dlopen 函数中，属于路径规范化处理组件。攻击者可以通过远程方式操纵 dev_name 参数，注入任意命令。成功利用此漏洞可能导致攻击者以设备权限执行任意代码，从而窃取敏感信息、修改配置或发起进一步攻击。厂商 GL.iNet 已确认此漏洞，并在固件版本 4.7 中修复：从该版本起，启用了 HTTP /rpc 层的方法级验证，移除了 nas‑web.eject_disk 的允许方法白名单，直接调用 eject_disk 会返回 Invalid params，阻断攻击链。CVSS 评分为 7.3（高），攻击复杂度低，无需身份验证。建议用户立即升级固件至 4.7 及以上版本。

GL.iNet GL-MT3000路由器固件版本4.4.5中存在一个命令注入漏洞（CVE-2026-11449），位于LuCI JSON-RPC接口的/cgi-bin/luci/rpc文件中的rpc_sys函数。攻击者可以远程利用该漏洞，通过发送特制的JSON-RPC请求注入任意操作系统命令，从而在设备上执行恶意操作。该漏洞需要低权限（CVSS攻击复杂度低，但需要认证），影响机密性、完整性和可用性（均为低影响）。CVSS评分为6.3（中等危险）。根据厂商确认，该漏洞已在较新固件版本中修复：从4.7.13版本开始，默认不再安装LuCI组件，因此漏洞无法被利用。建议用户升级到固件版本4.8.1或更高版本以彻底消除风险。对于无法立即升级的设备，应限制LuCI接口的网络访问（例如仅允许内网或VPN访问），并监控异常JSON-RPC请求。目前无证据表明该漏洞已在野被利用。

GL.iNet GL-MT3000 路由器（固件版本 ≤ 4.4.5）的 Minidlna 服务中存在一处命令注入漏洞。漏洞位于 /rpc 文件的 realpath 函数中，通过操控参数 kube.set，攻击者可在无需身份验证（但 CVSS 评分要求高权限，实际 CVSS 向量中权限要求为高，因此需要管理员权限）的情况下远程执行任意系统命令。该漏洞是因用户输入未充分过滤而直接拼接到命令中导致的。CVSS 评分为 4.7（中等），攻击复杂度低，但需要高权限。厂商已在固件版本 4.7 中通过 SDK 全局防护机制拦截恶意注入。建议所有受影响用户立即升级至 4.7 或更高版本。若无法立即升级，应限制 Minidlna 服务的网络暴露，仅允许可信 IP 访问，并监控异常日志。

该漏洞存在于GL.iNet GL-MT3000路由器（固件版本4.4.5及之前）的MTK后端组件中，具体位于iwinfo.so文件的iwinfo_backend函数。攻击者可通过操控该函数的device参数实现命令注入，从而在设备上执行任意命令。该漏洞可被远程利用，且已有公开的利用代码发布，增加了被攻击的风险。CVSS评分为6.3（中等），攻击复杂度低，需要低权限，影响机密性、完整性和可用性。厂商已在版本4.7中通过SDK全局保护机制修复了此问题，建议用户立即升级到最新固件。注意：本漏洞尚未被KEV收录，也未有明确的在野利用证据。

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The name of the patch is 805d82e7100d49b79b3beb1b942

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The name of the patch is 805d82e7100d49b79b3beb1b942

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 4.9.0_beta3-1012-0513-1778656146 is able to resolv

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

### Summary DbGate is vulnerable to authenticated Remote Code Execution (RCE). Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized `functionName` parameter in the `/runners/load-reader` endpoint. The `require = null` mitigation is trivially bypassed via dynamic `import()`. ### Details **Code injection via `functionName` in loadReader*

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato.

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. This project is superseded by FreshTomato.

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This project is superseded by FreshTomato.

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is superseded by FreshTomato.

### Summary Due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. ### Impact If the following conditions are met, an attacker can execute arbitrary commands on the computer that is using the `launch-editor`: - An attacker can place a file with the malicious

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pane. The manipulation of the argument request.params.arguments.pane_id leads to os command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The projec

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptanc

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is ca

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is ca

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has b

CVE-2026-10166 是 Edimax BR-6478AC 无线路由器固件版本 1.23 中存在的一个命令注入漏洞。漏洞位于 /goform/formWlbasic 文件中的 formWlbasic 函数，该函数通过 POST 请求处理程序处理参数 rootAPmac。由于对用户输入的 rootAPmac 参数缺乏有效的过滤与验证，攻击者可以通过向路由器管理界面发送精心构造的 POST 请求，在参数中注入操作系统命令。成功利用该漏洞后，攻击者可以以 root 权限在路由器上执行任意命令，可能导致设备完全受控、网络流量被监听、后续内网横向移动等严重后果。该漏洞的利用细节已被公开披露，存在被广泛利用的风险。CVSS 评分为 6.3（中等），攻击向量为网络，攻击复杂度低，但需要低权限（即攻击者需要先获取一个有效账户）。受影响设备 Edimax BR-6478AC 是一款常见的家用/小型办公室无线路由器，固件 1.23 是较老版本。建议用户尽快升级固件或限制管理界面的网络暴露。

Edimax BR-6478AC 路由器固件版本1.23中存在一个命令注入漏洞。该漏洞位于/goform/formStaDrvSetup文件中的formStaDrvSetup函数，属于POST请求处理程序的一部分。攻击者可以通过向目标设备发送特制的POST请求，利用rootAPmac参数进行命令注入，从而在设备上执行任意命令。由于该路由器通常暴露在网络上，且攻击可以远程发起，因此风险较高。目前该漏洞的利用代码已经公开，可能被用于实际攻击。建议用户立即检查并更新至最新固件版本，若厂商尚未发布补丁，应限制对路由器管理界面的网络访问，避免暴露在公网。

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and Docker credentials are interpolated directly into these commands without escaping. This requires an authenticated user w

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly interpolated into a shell command string. By including shell metacharacters such as ; or ", an attacke

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. ripgrep parses any argument that starts with - as an option, so a pattern of --pre=/bin/sh turns rip

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

Command injection in Raynet rvia version 12.6.4392.49-amd64.deb allows adversaries to execute arbitrary Java code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command.

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command.

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem e

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user holding the luci.https-dns-proxy ACL permission can inject shell metacharacters through the 'name' parame

gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands via the update field in .gitmodules that will be executed when Submodule::update() is called on a previou

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker/so we can control the NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDi

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for at

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

Insufficient Validation of Names During AXFR

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.

ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.

A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv_ssid results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosur

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to th

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to th

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and task runs. A malicious workspace could provide crafted values through workspace settings or task names

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.  Note: Software

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write — including the servlet context root. Combined with the framework's multipart /

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a privileged user.

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only impacts Access Points running AOS-10.7.x.x and above. AOS-10.4 AP and AOS-8 Instant software branches

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1.

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integ

CVE-2026-40135 是 SAP NetWeaver Application Server for ABAP 和 ABAP Platform 中的一个操作系统命令注入漏洞。该漏洞允许经过身份验证且具有管理权限的攻击者在服务器上执行特制的 shell 命令，并且能够绕过系统的日志记录机制，使得这些恶意命令的执行不被察觉。漏洞的根本原因在于应用对用户输入的 shell 命令参数缺乏充分的过滤和验证，导致攻击者可以注入并执行任意 OS 命令。由于攻击者需要管理权限，该漏洞的利用复杂度较高，但一旦成功，将对服务器的完整性（可能导致文件或配置被篡改）和可用性（可能引发服务中断）造成严重影响，而对机密性无直接影响（数据不被泄露）。CVSS 3.1 评分为 6.5（中等风险），攻击向量为网络，攻击复杂度低，需要高权限，无需用户交互。受影响的产品主要是 SAP NetWeaver Application Server for ABAP 及 ABAP Platform 的多个版本。建议受影响的用户立即关注 SAP 官方安全公告，并应用由 SAP 提供的安全补丁。在无法立即打补丁的情况下，应限制管理界面的网络暴露，仅允许可信 IP 访问，并加强日志审计以检测异常命令执行行为。该漏洞暂无已知的在野利用报告，也未被列入已知被利用漏洞目录（KEV）。

该漏洞存在于SAP Forecasting & Replenishment组件中，是一个操作系统命令执行漏洞。攻击者需具有管理员身份认证，并利用一个非远程启用的函数来执行任意操作系统命令。成功利用后，攻击者可读取或修改任何系统数据，甚至关闭系统，导致机密性、完整性和可用性完全丧失。CVSS评分为8.2，属于高危漏洞。虽然目前未被列入已知被利用漏洞目录（KEV）且没有在野利用证据，但由于其影响严重，建议优先修复。受影响版本尚未明确，但建议相关用户尽快查阅SAP官方安全公告并应用补丁。临时缓解措施包括限制对受影响功能的网络访问、遵循最小权限原则，以及监控系统日志中的异常命令执行行为。

A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this i

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this i

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure.

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure.

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early

CVE-2026-8217 是影响 IAS Canias ERP 8.03 的一个操作系统命令注入漏洞。该漏洞存在于 RMI 接口中，具体位于 Runtime.getRuntime.exec 函数。攻击者可以通过向 troiaCode 参数传递恶意构造的字符串，实现远程命令执行。由于漏洞无需用户交互且攻击复杂度低，仅需低权限即可利用，攻击者可借此完全控制受影响系统，窃取数据、植入后门或横向移动。目前该漏洞的利用代码已公开，可能被广泛利用。厂商 IAS 在收到通报后未作回应，因此暂无官方补丁。建议用户立即限制 RMI 接口的网络暴露，仅允许可信任IP访问，并监控异常进程执行行为。由于缺乏补丁，建议考虑临时隔离受影响系统或升级到不受影响版本（如有）。

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os command injection. The attack may be initiated remotely. The exploit has been released to the public an

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

CVE-2026-8210 影响 aandrew-me 开发的 tgpt 工具（版本 <= 2.11.1），主要运行在 Linux 和 macOS 系统上。该漏洞位于 helper.go 文件中的 helper.Update 函数（即 Update Handler 组件），由于对用户输入处理不当，导致存在命令注入漏洞。攻击者需要本地访问权限，且利用复杂度较低（CVSS 3.1 评分 5.3，中等严重性），但成功利用后可能影响机密性、完整性和可用性（均为低影响）。目前漏洞细节及 PoC 已公开披露，增加了被利用的风险。厂商在早期收到通知后未作出回应，暂无官方补丁。建议用户限制受影响系统的本地访问权限，监控异常进程或命令执行行为，并考虑暂时停止使用该组件或迁移至替代工具。由于未确认在野利用，但公开 PoC 已存在，应视为中等紧急度。

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP comma

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os command injection. The attack may be initiated remotely. The exploit has been released to the public an

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control the ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway causes os command injection. The attack can be initiated remo

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclos

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control the ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway causes os command injection. The attack can be initiated remo

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclos

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

CVE-2026-42453 影响 Termix，一个基于 Web 的服务器管理平台，提供 SSH 终端、隧道和文件编辑功能。在版本 2.1.0 之前，file-manager.ts 中的 extractArchive 和 compressFiles 端点使用双引号字符串构建 shell 命令，而其他文件管理器操作使用单引号转义。双引号允许 $(command) 替换，导致远程 SSH 主机上的命令注入攻击。攻击者可以利用该漏洞在目标服务器上执行任意命令，从而完全控制受影响的系统。该漏洞已在 Termix 2.1.0 版本中修复。建议用户立即升级到最新版本以缓解风险。对于无法立即升级的环境，应限制网络访问，仅允许信任的 IP 连接，并监控异常活动。由于没有证据表明该漏洞已在野利用，无需紧急响应，但鉴于其严重性，建议优先处理。

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. This issue has been patched in version 4.6.9.

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When c

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version strings directly into an exec("rm -rf ...") command without validation. This issue has been patched in version 3.3.8.

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name directly into an exec("open ...") command without validation. This issue has been patched in version 3.3.8.

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. T

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. T

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-40068 影响 Claude Code 版本 2.1.63 至 2.1.83。该漏洞存在于文件夹信任判定逻辑中：当处理 git worktree 时，代码未对 `commondir` 文件内容进行验证，直接使用了该文件指向的路径。攻击者可构造恶意仓库，在其中 `commondir` 文件指向受害者之前已信任的路径。当受害者克隆该恶意仓库并运行 Claude Code 时，Claude Code 会误认为该仓库位于之前已信任的目录中，从而绕过信任确认对话框，直接执行位于该仓库 `.claude/settings.json` 中定义的钩子（hooks）。这允许攻击者在受害者机器上执行任意代码。利用前提是：受害者必须克隆攻击者控制的仓库并在其中运行 Claude Code，且攻击者需要知道或猜测受害者之前已信任的某个路径。该漏洞已在版本 2.1.84 中修复。建议所有用户立即升级到最新版本，避免克隆来源不明的仓库，或在运行 Claude Code 前手动验证仓库的信任状态。

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted e

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery wi

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on

### Summary Several `Net::IMAP` commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain `CRLF` sequences, which an attacker can use to inject arbitrary IMAP commands. ### Details `Net::IMAP`'s generic argument handling, used by most command arguments, interprets string arguments

### Summary Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. ### Details Symbol arguments represent IMAP "system flags", which are formatted as "atoms" (with no quoting) with a `"\"` prefix. Vulnerable versions of Net::IMAP sends the symbol name directly to the socket, with no validation. Because the Symbol

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not res

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about thi

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about thi

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. Once again the vendors acted very professional and confirms, "that the WN570HA1 firmware ver

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Once again the vendors acted very professional and confirms, "that the WN

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Once again the vendors acted very professional and co

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utiliz

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this di

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The

CVE-2026-7653 是一个影响 r-huijts 开发的 mcp-server-rijksmuseum（版本 ≤1.0.4）的 OS 命令注入漏洞。该漏洞位于 src/index.ts 文件中的 open_image_in_browser 函数，攻击者可通过构造恶意的 imageUrl 参数实现远程命令注入。由于该组件是一个 MCP（Model Context Protocol）服务器，用于与 Rijksmuseum 博物馆 API 交互，漏洞可能导致服务器被完全控制。该漏洞的利用代码已公开，且厂商在早期已收到问题报告但未回应。CVSS 评分为 6.3（中等），攻击复杂度低，需要低权限，但影响范围有限（机密性、完整性、可用性均为低）。当前未发现大规模在野利用，且未被列入已知被利用漏洞目录（KEV）。

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issu

CVE-2026-7642 影响 pskill9 开发的 website-downloader 工具（版本 ≤0.1.0）。该漏洞存在于 MCP（Model Context Protocol）接口的 src/index.ts 文件中的 download_website 函数中。攻击者可以通过向 outputPath 参数注入操作系统命令，实现远程命令执行。由于攻击者需要低权限（PR:L），且无需用户交互（UI:N），攻击复杂度低（AC:L），因此攻击可在未授权情况下远程发起。目前该漏洞的利用代码已公开，可能被恶意利用。项目维护者已通过 issue 得知该问题，但尚未发布补丁或回复。受影响的用户应立即停止使用该工具，或采取临时缓解措施（如限制网络暴露、对 input 参数进行严格过滤）。建议持续关注官方更新，待补丁发布后尽快升级。

CVE-2026-7629 影响 kleneway 开发的 awesome-cursor-mpc-server 工具（版本 ≤ 2.0.1）。该工具用于代码审查，其中 codeReview.ts 文件中的 runCodeReviewTool 函数存在命令注入漏洞。攻击者可以利用该函数，通过构造特制输入，在服务器上执行任意命令。攻击远程发起，且需要低权限（CVSS 权限要求：低）。漏洞利用代码已经公开，可能被武器化。项目维护者已通过 Pull Request 获悉问题，但尚未发布修复版本。漏洞评分 CVSS 6.3（中等），影响机密性、完整性、可用性均为低。当前未列入已知被利用漏洞目录（KEV），也无在野利用报告。建议立即采取缓解措施，如限制网络访问输入、实施输入验证、监控异常命令执行等，并关注官方更新。

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull req

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability onl

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability onl

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has n

ArtMin96 yii2-mcp-server 1.0.2 版本中存在一个 OS 命令注入漏洞。漏洞位于 src/index.ts 文件中的 yii_command_help 和 yii_execute_command 函数中，属于 MCP 接口组件的一部分。攻击者可以通过远程方式利用该漏洞，在具备低权限（需经过身份验证或拥有一定权限）的条件下，通过操控这些函数执行任意操作系统命令。该漏洞的利用代码已被公开发布，增加了被实际攻击的风险。项目维护者已被通过问题报告告知，但尚未做出回应或发布修复补丁。CVSS 3.1 评分为 6.3（中等），攻击向量为网络，攻击复杂度低，所需权限低，用户交互无，影响范围未改变，对机密性、完整性和可用性均造成低度影响。目前无证据表明该漏洞已在野被利用，也未被列入 CISA KEV 目录。建议受影响用户立即关注官方更新，在补丁发布前限制对相关接口的网络访问，并实施访问控制措施以降低风险。

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early

A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument dev_script leads to os command injection. The attack can be launched remotely. The exploit is publi

CVE-2026-7593 是一个影响 Sunwood-ai-labs 开发的 command-executor-mcp-server 组件（版本 0.1.0 及之前）的 OS 命令注入漏洞。该漏洞存在于 src/index.ts 文件中的 execute_command 函数，攻击者可以通过 MCP 接口远程触发命令注入，无需认证。由于漏洞利用细节已经公开披露，且作者已通过 issue 告知但未得到回应，因此实际风险较高。成功利用该漏洞的攻击者能够在服务器上执行任意操作系统命令，可能导致数据泄露、服务中断或进一步的内网渗透。CVSS 评分为 7.3（高），攻击复杂度低，且无需用户交互。目前官方尚未发布修复补丁，建议受影响的用户立即采取缓解措施：1）限制网络暴露，避免将 MCP 接口暴露在公网；2）严格过滤用户输入，或禁用受影响的 execute_command 功能；3）关注项目仓库的更新，待补丁发布后尽快升级。由于该漏洞被标记为已公开利用，安全团队应优先排查并监控相关日志。

CVE-2026-7590 是 eyal-gor 开发的 p_69_branch_monkey_mcp 项目中的一个操作系统命令注入漏洞。该漏洞存在于 branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py 文件的未知函数中，属于 Preview 端点组件。攻击者可以通过向 dev_script 参数传递恶意构造的参数，触发操作系统命令注入，从而在服务器上执行任意命令。由于该产品未使用版本管理，无法确定受影响和未受影响的版本范围。项目维护者已通过 issue 报告获知该问题，但尚未回应。漏洞的利用代码已公开，可能被攻击者利用。攻击是远程的，无需身份验证，CVSS 评分为 7.3（高严重性）。

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading t

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The projec

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an iss

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading t

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The projec

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an iss

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.

A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.