ReportizFlow
Filtered by vendor
Subscriptions
Total
3444 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5974 | 2 Deepwisdom, Foundation Agents | 2 Metagpt, Metagpt | 2026-04-29 | 7.3 High |
| A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the problem early through a pull request but has not reacted yet. | ||||
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.3 Medium |
| A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4786 | 1 Python | 1 Cpython | 2026-04-29 | 7.3 High |
| Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. | ||||
| CVE-2026-7241 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-7240 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7202 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7203 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-7157 | 1 Disler | 1 Aider-mcp-server | 2026-04-29 | 7.3 High |
| A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-7139 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-7122 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-29 | 9.8 Critical |
| A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7316 | 1 Eiliyaabedini | 1 Aider-mcp | 2026-04-29 | 7.3 High |
| A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-4537 | 1 Cudy | 1 Tr1200 | 2026-04-29 | 4.7 Medium |
| A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action_ipsec_conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is advised. The vendor explains, that "some other customer has reported this to us before. And we have fixed this." | ||||
| CVE-2026-31255 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-04-29 | 5.4 Medium |
| A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands. | ||||
| CVE-2026-31162 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-29 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31163 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-29 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-38835 | 1 Tenda | 2 W30e, W30e Firmware | 2026-04-29 | 9.8 Critical |
| Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2026-31164 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-38834 | 1 Tenda | 2 W30e, W30e Firmware | 2026-04-28 | 7.3 High |
| Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2026-7152 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-28 | 9.8 Critical |
| A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-31168 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. | ||||