Total
2882 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2210 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2218 | 1 Dlink | 2 Dcs-933l, Dcs-933l Firmware | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-64093 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-10 | N/A | 10.0 CRITICAL |
| Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | |||||
| CVE-2025-69542 | 1 Dlink | 2 Dir-895la1, Dir-895la1 Firmware | 2026-02-10 | N/A | 9.8 CRITICAL |
| A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. | |||||
| CVE-2026-1596 | 1 Dlink | 2 Dwr-m961, Dwr-m961 Firmware | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2026-1687 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1601 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2182 | 1 Utt | 2 521g, 521g Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2143 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2142 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2188 | 1 Utt | 2 521g, 521g Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2084 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2082 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2026-2081 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1623 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-02-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1690 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-02-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-1689 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2026-24685 | 1 Openproject | 1 Openproject | 2026-02-09 | N/A | 8.8 HIGH |
| OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint (`/projects/:project_id/repository/diff.diff`) when rendering a single revision via git show. By supplying a specially crafted rev value (for example, `rev=--output=/tmp/poc.txt)`, an attacker can inject git show command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the `:browse_repository` permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git show output (commit metadata and patch), but overwriting application or configuration files still leads to data loss and denial of service, impacting integrity and availability. The issue has been fixed in OpenProject 17.0.2 and 16.6.6. | |||||
| CVE-2026-1544 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-1547 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-02-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||