CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/13 12:15 a.m.•2 views

CVE-2026-6139

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...

10CVSS7AI score0.01221EPSS

Cvelist•added 2026/04/13 12:15 a.m.•35 views

CVE-2026-6139 Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection

10CVSS0.01221EPSS

EUVD•added 2026/04/13 12:15 a.m.•3 views

EUVD-2026-21764

10CVSS7AI score0.01221EPSS

Vulnrichment•added 2026/04/13 12:0 a.m.•0 views

CVE-2026-6138 Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploi...

10CVSS7AI score0.01221EPSS

ATTACKERKB•added 2026/04/13 12:0 a.m.•2 views

CVE-2026-6138

10CVSS5.5AI score0.01221EPSS

Vulnrichment•added 2026/04/13 12:0 a.m.•0 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

5.5AI score0.00048EPSS

Exploits0References2

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32489

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security issue in the CGI Handler component allows for remote OS command injection. The problem exists in the setPasswordCfg function within the '/cgi-bin/cstecgi.cgi' file. An...

10CVSS7.4AI score0.01235EPSS

Exploits0References10

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32240

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 Description A weakness exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313. Manipulation of the pppoeServiceName argument within the setWanCfg function in the /cgi-bin/cstecgi.cgi file...

10CVSS7.2AI score0.01221EPSS

Exploits0References9

ATTACKERKB•added 2026/04/12 10:30 p.m.•2 views

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

10CVSS5.5AI score0.00316EPSS

Vulnrichment•added 2026/04/12 10:30 p.m.•1 views

CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection

10CVSS5.5AI score0.00316EPSS

NVD•added 2026/04/12 10:16 p.m.•0 views

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS0.01715EPSS

ATTACKERKB•added 2026/04/12 10:15 p.m.•1 views

CVE-2026-6131

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

10CVSS5.5AI score0.01221EPSS

ATTACKERKB•added 2026/04/12 10:0 p.m.•2 views

CVE-2026-6130

7.5CVSS5.5AI score0.01715EPSS

Exploits0References6Affected Software1

EUVD•added 2026/04/12 6:30 a.m.•2 views

EUVD-2026-21700

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

10CVSS5.6AI score0.01221EPSS

EUVD•added 2026/04/12 6:30 a.m.•2 views

EUVD-2026-21706

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10CVSS5.5AI score0.01221EPSS

EUVD•added 2026/04/12 6:30 a.m.•0 views

EUVD-2026-21702

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...

10CVSS5.6AI score0.01221EPSS

NVD•added 2026/04/12 5:16 a.m.•3 views

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS0.03277EPSS

NVD•added 2026/04/12 5:16 a.m.•1 views

CVE-2026-6116

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is...

10CVSS0.01221EPSS