
85 matches found

OSV
added 5 days ago · 5 views

DEBIAN-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

CVSS 5.4 · AI score 5.6 · EPSS 0.00029
Exploits 0 · References 1
EUVD
added 2026/04/23 6:33 p.m. · 8 views

EUVD-2026-25248

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

CVSS 9.8 · AI score 6.1 · EPSS 0.00578
Exploits 1 · References 2
CVE
added 2026/04/23 12:0 a.m. · 6 views

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

CVSS 9.8 · AI score 6.1 · EPSS 0.00578
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2026/04/23 12:0 a.m. · 2 views

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

AI score 6.1 · EPSS 0.00578
Exploits 1 · References 1
ATTACKERKB
added 2026/04/23 12:0 a.m. · 2 views

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

CVSS 9.8 · AI score 6.1 · EPSS 0.00578
Exploits 1 · References 2
OSV
added 2026/04/21 7:16 p.m. · 2 views

UBUNTU-CVE-2026-40613

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t to uint16_t without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, thi...

CVSS 7.5 · AI score 5.8 · EPSS 0.01123
Exploits 1 · References 3
UbuntuCve
added 2026/04/21 7:16 p.m. · 1 views

CVE-2026-40613

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t to uint16_t without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, thi...

CVSS 7.5 · AI score 5.8 · EPSS 0.01123
Exploits 1 · References 2
Debian CVE
added 2026/02/25 4:4 a.m. · 5 views

CVE-2026-27624

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...

CVSS 7.2 · AI score 8.4 · EPSS 0.00254
Exploits 1
CNNVD
added 2026/02/25 12:0 a.m. · 6 views

Coturn security vulnerability

Coturn is an open-source implementation of TURN TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Transfer of User Datagram Protocol Network Address Translators Servers. Versions of Coturn prior to 4.9.0 contained security vulnerabilities; these vulnerabilities stemmed fro...

CVSS 7.2 · AI score 7.3 · EPSS 0.00254
Exploits 1 · References 4
Tenable Nessus
added 2026/01/20 12:0 a.m. · 3 views

MiracleLinux 7 : firefox-68.10.0-1.0.1.el7.AXS7 (AXSA:2020-210:14)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-210:14 advisory. Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12417 Mozilla: Information disclosure due to manipulated URL...

CVSS 9.3 · AI score 8.5 · EPSS 0.03034
Exploits 2 · References 6
Tenable Nessus
added 2026/01/20 12:0 a.m. · 4 views

MiracleLinux 4 : firefox-68.10.0-1.0.1.AXS4 (AXSA:2020-213:15)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-213:15 advisory. Mozilla: Information disclosure due to manipulated URL object CVE-2020-12418 Mozilla: Use-after-free in nsGlobalWindowInner CVE-2020-12419 Mozilla:...

CVSS 9.3 · AI score 8.4 · EPSS 0.03034
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-0847

Malware in sbrugna...

CVSS 4.3 · AI score 7.8 · EPSS 0.01259
Exploits 0 · References 12
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-4732

Malware in sbrugna...

CVSS 9.3 · AI score 9.1 · EPSS 0.01859
Exploits 1 · References 28
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-14492

Malware in sbrugna...

CVSS 7.5 · AI score 8.4 · EPSS 0.01662
Exploits 0 · References 9
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-5925

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.01137
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-52723

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.3 · EPSS 0.01797
Exploits 0 · References 6
RedhatCVE
added 2025/03/01 12:20 a.m. · 14 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...

CVSS 9.8 · AI score 8 · EPSS 0.01137
Exploits 0 · References 4
CVE
added 2025/02/27 12:0 a.m. · 228 views

CVE-2024-51138

CVE-2024-51138 affects DrayTek Vigor series (e.g., Vigor165/166, Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962, Vigor3912, Vigor3910). The vulnerability is a stack-based buffer overflow in the URL parsing of the TR069 ST...

CVSS 9.8 · AI score 7.7 · EPSS 0.01137
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/02/27 12:0 a.m. · 13 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...

EPSS 0.01137
Exploits 0 · References 2
Positive Technologies
added 2025/02/27 12:0 a.m. · 3 views

PT-2025-9024 · Draytek · Vigor2135 +19

Name of the Vulnerable Software and Affected Versions: Vigor165/166 versions 4.2.7 and earlier Vigor2620/LTE200 versions 3.9.8.9 and earlier Vigor2860/2925 versions 3.9.8 and earlier Vigor2862/2926 versions 3.9.9.5 and earlier Vigor2133/2762/2832 versions 3.9.9 and earlier Vigor2135/2765/2766...

CVSS 9.8 · AI score 9.7 · EPSS 0.01137
Exploits 0 · References 7