19546 matches found
CVE-2026-31163
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
EUVD-2026-25285
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
CVE-2026-41268
Flowise is affected by a critical unauthenticated remote command execution (RCE) prior to version 3.1.0. The vulnerability arises from a parameter override bypass that combines the FILE-STORAGE:: keyword with a NODE_OPTIONS environment variable injection, allowing arbitrary root commands to be ex...
EUVD-2026-25245
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...
Malicious code in jie-utility-package (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2cab7c48587f060014e5c8453f9ab21c0e6dd3c3523d095c1fcafbce8cbee2d1 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31171
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31172
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31175
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34711
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31162
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34703
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34704
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi...
Radare2 MCP Server 操作系统命令注入漏洞
Radare2 MCP Server is an open-source binary analysis tool based on Radare2 developed by the radare.org community. Versions of Radare2 MCP Server prior to version 1.6.0 contained a vulnerability related to operating system command injection. This vulnerability arises from operating system command...
CVE-2026-31164
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34678
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31178
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi, enabling arbitrary command execution. The CVE-2026-31178 entry lists network-based access with high impact to confidentiality, integrity, and availability. Connected sources conf...
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...