VYPR
AI Brief2026-07-06· generated Jul 6, 2026

What you need to know today.

KEV catalog updated with Sitecore, D-Link, and Nagios command injection flaws; critical RCEs disclosed in Chamilo, NextGen, and Optoma.

Multiple command injection vulnerabilities have been added to the CISA Known Exploited Vulnerabilities (KEV) catalog today. Sitecore XP versions 7.5 through 8.2 Update-7 are affected by an insecure deserialization flaw that can lead to remote code execution without authentication (CVE-2021-42237). D-Link DIR-820L routers running firmware 1.05B03 are vulnerable to RCE via an HTTP POST request to get set ccp (CVE-2022-26258). Additionally, Nagios XI version xi-5.7.5 contains OS command injection flaws in several configuration wizard files due to improper input sanitization, affecting cloud-vm, windowswmi, and switch configurations (CVE-2021-25298, CVE-2021-25296, CVE-2021-25297). ZKTeco BioTime v8.5.5 has a path traversal vulnerability in its iclock API, allowing unauthenticated attackers to read arbitrary files (CVE-2023-38950).

Beyond KEV additions, several critical vulnerabilities impacting various devices and software have been disclosed. Chamilo versions up to 1.11.18 suffer from command injection in the wsConvertPpt component via a SOAP API call, allowing arbitrary command execution (CVE-2023-34960). NextGen Mirth Connect v4.3.0 has a critical RCE vulnerability (CVE-2023-37679). Optoma 1080PSTX C02 devices have an authentication bypass flaw, enabling access to the administration console without credentials (CVE-2023-27823). IOBit IOTransfer 4.3.1.1561 is vulnerable to arbitrary file read/write via the Airserv component, leading to data compromise (CVE-2022-24562). Hardy Barth cPH2 eCharge Ladestation devices (v1.87.0 and earlier) are susceptible to OS command injection via crafted arguments (CVE-2023-46359).

Several TP-Link routers are affected by command injection vulnerabilities. Specifically, TP-LINK TL-WR840N(ES)_V6.20_180709 has command injection flaws in the oal_setIp6DefaultRoute (CVE-2022-25060) and oal_startPing (CVE-2022-25060) components. Additionally, the PING function on TP-Link TL-WR840N EU v5 routers (firmware through TL-WR840N(EU)_V5_171211) is vulnerable to remote code execution via crafted input in an IP address field (CVE-2021-41653). D-Link DIR-615 devices with firmware 20.06 have an information disclosure and data modification vulnerability related to the WAN configuration page (CVE-2021-42627). Wondershare Dr. Fone (as of 2021-12-06 version) has an RCE vulnerability due to insecure UDP communication with the InstallAssistService.exe service (CVE-2021-44596).

Other notable vulnerabilities include a Cross-Site Scripting (XSS) flaw in MailEnable before v10, which can lead to arbitrary code execution via the failure.aspx component (CVE-2025-44148). Printix Secure Cloud Print Management (through 1.3.1106.0) incorrectly uses privileged APIs to modify registry values (CVE-2022-25089). Siklu Communications Etherhaul devices (firmware 7.4.0 through 10.7.3) have an issue with the rfpiped service using static AES encryption keys, potentially allowing unauthorized access (CVE-2025-57174). Lastly, Syncovery 9 for Linux (v9.47x and below) has a privilege escalation vulnerability via crafted session tokens in the post_applogin.php component (CVE-2022-36536).

Synthesized by Vypr AI
KEV Adds Sitecore, D-Link, Nagios; Critical RCEs Uncovered · VYPR