CVE-2026-12174

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

CVE-2026-49144

BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...

CVE-2026-5849

A vulnerability was determined in Tenda i12 1.0.0.113862. The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler

BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the apiHandler and webHandlerTelegramBot processes. An attacker can cause the application to exhaust system memory and crash by sending an extremely large or endless JSON payload over a single TCP connection...

PT-2026-36750

A weakness has been identified in Totolink WA300 5.2cu.7112 B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack...

EUVD-2026-26015

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

EUVD-2026-25960

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

CVE-2026-7036

A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

EUVD-2026-25712

A vulnerability was identified in Tenda i9 1.0.0.52204. This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

CVE-2026-6024

A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-6024 Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

PT-2026-31834

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the telnet enabled argument within the setTelnetCfg function in the...

PT-2026-31878

Name of the Vulnerable Software and Affected Versions Tenda i6 version 1.0.0.72204 Description A path traversal issue exists due to manipulation of the R7WebsSecurityHandlerfunction within the HTTP Handler component. This allows for remote exploitation. The exploit has been publicly disclosed...

EUVD-2026-20850

A weakness has been identified in Tenda i3 1.0.0.62204. The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could b...

CVE-2026-5849

A vulnerability was determined in Tenda i12 1.0.0.113862. The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-5841

A weakness has been identified in Tenda i3 1.0.0.62204. The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could b...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the mode parameter in the setWiFiAclRules...

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...