Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8681 matches found

Vulnrichment
Vulnrichmentadded 2026/04/23 12:0 a.m.2 views

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00388EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/23 12:0 a.m.1 views

CVE-2026-31169

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/23 12:0 a.m.1 views

CVE-2026-31171

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.1 views

PT-2026-34714

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References1
CVE
CVEadded 2026/04/23 12:0 a.m.6 views

CVE-2026-31172

The CVE-2026-31172 entry concerns ToToLink A3300R firmware, version 17.0.0cu.557_B20221024. The issue is a command injection in the CGI interface: attacker-controlled input in the user parameter to /cgi-bin/cstecgi.cgi can lead to arbitrary command execution on the device. According to the NVD en...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2026/04/23 12:0 a.m.4 views

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

9.8CVSS6.1AI score0.00612EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2026/04/23 12:0 a.m.7 views

CVE-2026-31159

The CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command-injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/23 12:0 a.m.1 views

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

9.8CVSS6.1AI score0.00612EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/23 12:0 a.m.2 views

CVE-2026-31171

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00388EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.8 views

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...

6.5CVSS6AI score0.00388EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.3 views

PT-2026-34677

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-port parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00388EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/23 12:0 a.m.26 views

CVE-2026-31166

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...

0.00137EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/23 12:0 a.m.26 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

0.00388EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/23 12:0 a.m.28 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

0.00388EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/04/23 12:0 a.m.30 views

CVE-2026-31162

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...

0.00388EPSS
Exploits1References1
CVE
CVEadded 2026/04/23 12:0 a.m.6 views

CVE-2026-31166

CVE-2026-31166 concerns ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue: an attacker can execute arbitrary commands by supplying the hour parameter to /cgi-bin/cstecgi.cgi. This is a network‑vector flaw with low to moderate impact stated (CVSS v3.1: 6.5, Confidentiality and Integrity ...

6.5CVSS6.1AI score0.00137EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/04/22 9:44 p.m.23 views

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS0.00026EPSS
Exploits1References4
NVD
NVDadded 2026/04/22 7:17 p.m.3 views

CVE-2026-26354

Dell PowerProtect Data Domain with Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker...

9.8CVSS0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.0 views

PT-2026-34585

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

7.3CVSS6.1AI score0.00102EPSS
Exploits0References2
NVD
NVDadded 2026/04/21 10:16 p.m.0 views

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS0.00074EPSS
Exploits1References3
Rows per page
Query Builder