Total
3142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2080 | 1 Utt | 2 810, 810 Firmware | 2026-02-13 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2118 | 1 Utt | 2 810, 810 Firmware | 2026-02-13 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2135 | 1 Utt | 2 810, 810 Firmware | 2026-02-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-37162 | 1 Arubanetworks | 1 Arubaos | 2026-02-13 | N/A | 6.5 MEDIUM |
| A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||
| CVE-2025-64090 | 1 Zenitel | 2 Tcis-3, Tcis-3 Firmware | 2026-02-12 | N/A | 10.0 CRITICAL |
| This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | |||||
| CVE-2026-2085 | 1 Dlink | 2 Dwr-m921, Dwr-m921 Firmware | 2026-02-12 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2260 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2026-02-12 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-21516 | 1 Microsoft | 1 Github Copilot | 2026-02-11 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-21256 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-11 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-59818 | 1 Zenitel | 2 Tcis-3, Tcis-3 Firmware | 2026-02-11 | N/A | 10.0 CRITICAL |
| This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | |||||
| CVE-2026-21257 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-11 | N/A | 8.0 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-2061 | 1 Dlink | 2 Dir-823x Firmware, Dir-832x | 2026-02-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2063 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2120 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2129 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-21522 | 1 Microsoft | 1 Confcom | 2026-02-11 | N/A | 6.7 MEDIUM |
| Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-2151 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2152 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-2155 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2157 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-02-11 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||