Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2026/05/26 12:0 a.m.8 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUploadUserDat...

6.5CVSS6.6AI score0.04841EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.7 views

PT-2026-43192

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5CVSS6.3AI score0.04841EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/30 9:23 p.m.5 views

CVE-2026-1601

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS5.7AI score0.05152EPSS
Exploits1References1
CVE
CVEadded 2026/01/29 6:32 p.m.7 views

CVE-2026-1601

Totolink A7000R 4.1cu.4154 contains a remote command-injection flaw in the CGI handler /cgi-bin/cstecgi.cgi, in setUploadUserData. Manipulating the FileName argument allows arbitrary command execution on the device. Public PoC/exploits exist, enabling remote attacks with low privileges and no use...

6.5CVSS5.7AI score0.05152EPSS
Exploits1References6Affected Software1
OSV
OSVadded 2023/02/03 4:15 p.m.0 views

CVE-2023-24148

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function...

9.8CVSS7.3AI score
Exploits0References1
CNNVD
CNNVDadded 2022/12/30 12:0 a.m.1 views

KBase Metrics SQL注入漏洞

KBase Metrics are scripts and other tools used to collect metrics and generate reports and summaries. KBase Metrics suffers from a SQL injection vulnerability that stems from a problem with the function uploaduserdata in the file source/dailycronjobs/methodsuploaduserstats.py, which can lead to s...

9.8CVSS6.6AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2022/12/30 12:0 a.m.2 views

PT-2022-28146 · Unknown · Kbase Metrics

Name of the Vulnerable Software and Affected Versions: KBase Metrics affected versions not specified Description: A critical issue was found in KBase Metrics, affecting the upload user data function of the file source/daily cron jobs/methods upload user stats.py. This issue leads to sql injection...

9.8CVSS6.2AI score0.00347EPSS
Exploits0References9
Rows per page
Query Builder