Total
3146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15137 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2026-02-24 | 8.8 High |
| A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15136 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2026-02-24 | 8.8 High |
| A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14648 | 1 Dedebiz | 1 Dedebiz | 2026-02-24 | 4.7 Medium |
| A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14586 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-02-24 | 6.3 Medium |
| A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-14094 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-02-24 | 4.7 Medium |
| A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14093 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-02-24 | 4.7 Medium |
| A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14092 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-02-24 | 4.7 Medium |
| A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-70296 | 2 Mealie, Mealie-recipes | 2 Mealie, Mealie | 2026-02-23 | 5.4 Medium |
| A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view. | ||||
| CVE-2026-20761 | 1 Enocean Edge | 1 Smartserver Iot | 2026-02-23 | 8.1 High |
| A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device. | ||||
| CVE-2026-2227 | 2 D-link, Dlink | 3 Dcs-931l, Dcs-931l, Dcs-931l Firmware | 2026-02-23 | 4.7 Medium |
| A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-2824 | 1 Comfast | 2 Cf-e7, Cf-e7 Firmware | 2026-02-23 | 6.3 Medium |
| A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2823 | 1 Comfast | 2 Cf-e7, Cf-e7 Firmware | 2026-02-23 | 6.3 Medium |
| A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2670 | 1 Advantech | 1 Wise-6610 | 2026-02-23 | 7.2 High |
| A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2629 | 1 Jishi | 1 Node-sonos-http-api | 2026-02-23 | 7.3 High |
| A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-2615 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-02-23 | 7.2 High |
| A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument del_flag can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2560 | 1 Kalcaddle | 1 Kodbox | 2026-02-23 | 6.3 Medium |
| A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2548 | 1 Wayos | 1 Fbm-220g | 2026-02-23 | 6.3 Medium |
| A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2544 | 1 Yued-fe | 1 Lulu Ui | 2026-02-23 | 7.3 High |
| A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2535 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2026-02-23 | 6.3 Medium |
| A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2534 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2026-02-23 | 6.3 Medium |
| A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||