Lucene search

45 matches found

NVD
added 2026/05/04 1:16 a.m. · 8 views

CVE-2026-7717

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVSS 9 · EPSS 0.00472
Exploits 0 · References 5

CVE
added 2026/05/04 1:0 a.m. · 15 views

CVE-2026-7717

Totolink WA300 5.2cu.7112_B20190227 is affected by CVE-2026-7717. The vulnerability is in the POST Request Handler’s UploadCustomModule function (file path: /cgi-bin/cstecgi.cgi). Manipulating the File argument can trigger a buffer overflow, and the issue can be exploited remotely. Exploitation i...

CVSS 9 · AI score 7.8 · EPSS 0.00472
Exploits 0 · References 5

Cvelist
added 2026/05/04 1:0 a.m. · 33 views

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVSS 9 · EPSS 0.00472
Exploits 0 · References 5

Packet Storm News
added 2025/12/26 12:0 a.m. · 1 views

American Fuzzy Lop plus plus 4.35c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

AI score 6.9
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-4450

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01898
Exploits 0 · References 5

NVD
added 2025/09/17 3:15 p.m. · 4 views

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec without sufficient validation,...

CVSS 6.5 · EPSS 0.00381
Exploits 1 · References 1

OSV
added 2025/09/17 3:15 p.m. · 4 views

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec without sufficient validation,...

CVSS 6.5 · AI score 6.9 · EPSS 0.00381
Exploits 1 · References 1

CVE
added 2025/09/17 12:0 a.m. · 17 views

CVE-2025-57055

WonderCMS 3.5.0 is affected by a Server-Side Request Forgery (SSRF) in the custom module installation feature. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter, and the server fetches it with curl_exec() without sufficient validation, enabling potent...

CVSS 6.5 · AI score 6.5 · EPSS 0.00381
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2025/09/17 12:0 a.m. · 2 views

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curl_exec without sufficient validation,...

AI score 6.5 · EPSS 0.00381
Exploits 1 · References 1

CNNVD
added 2025/09/17 12:0 a.m. · 7 views

WonderCMS security vulnerability

WonderCMS is an open source PHP-based content management system (CMS) from WonderCMS, Inc. A security vulnerability exists in WonderCMS version 3.5.0, which stems from insufficient validation of the pluginThemeUrl parameter in the custom module installation feature, which could lead to a server-sid...

CVSS 6.5 · AI score 6.5 · EPSS 0.00381
Exploits 1 · References 2

Positive Technologies
added 2025/09/17 12:0 a.m. · 5 views

PT-2025-38162

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.5.0
Description: WonderCMS version 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl...

CVSS 6.5 · AI score 6.3 · EPSS 0.00381
Exploits 1 · References 4

Snyk
added 2025/08/14 10:43 a.m. · 2 views

Command Injection

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Command Injection via the CustomMCP class. An attacker can gain unauthorized remote access and execute arbitrary operating system commands by sending crafted requests over the network. This i...

CVSS 9.8 · AI score 8.2 · EPSS 0.70866
Exploits 3 · References 2

OSV
added 2025/06/09 11:15 p.m. · 3 views

CVE-2025-5901

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can...

CVSS 8.7 · AI score 6.4 · EPSS 0.03899
Exploits 1 · References 5

Packet Storm News
added 2025/04/28 12:0 a.m. · 4 views

American Fuzzy Lop plus plus 4.32c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

AI score 6.9
Exploits 0

OSV
added 2025/03/19 6:54 p.m. · 1 views

DRUPAL-CORE-2025-004

Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit acce...

CVSS 5.4 · AI score 6.2 · EPSS 0.00425
Exploits 0 · References 1

NVD
added 2024/09/16 1:15 p.m. · 20 views

CVE-2024-46424

TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter...

CVSS 7.5 · EPSS 0.00552
Exploits 1 · References 1

OSV
added 2024/09/16 1:15 p.m. · 3 views

CVE-2024-46424

TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter...

CVSS 7.5 · AI score 6.1 · EPSS 0.00552
Exploits 1 · References 1

Positive Technologies
added 2024/09/16 12:0 a.m. · 4 views

PT-2024-31986 · Totolink · Totolink Ac1200 T8

Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220
Description: The issue is a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. This vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.00552
Exploits 1 · References 10

BDU FSTEC
added 2024/08/09 12:0 a.m. · 4 views

A vulnerability in the UploadCustomModule function (/cgi-bin/cstecgi.cgi) of the TOTOLINK EX1200L router software allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the UploadCustomModule function (/cgi-bin/cstecgi.cgi) of the TOTOLINK EX1200L router firmware is caused by a stack buffer overflow during the processing of the File parameter. Exploiting this vulnerability allows a malicious actor to compromise the...

CVSS 9 · AI score 7.9 · EPSS 0.01192
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2024/08/07 12:0 a.m. · 5 views

A vulnerability in the UploadCustomModule function in the cgi-bin/cstecgi.cgi file of the TOTOLINK CP900 router's firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the UploadCustomModule function in the cgi-bin/cstecgi.cgi file of the TOTOLINK CP900 router's firmware is caused by data being written outside the buffer during the processing of the File parameter. Exploiting this vulnerability allows a maliciou...

CVSS 9 · AI score 7.8 · EPSS 0.10978
Exploits 1 · References 3 · Affected Software 1