CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/23 12:0 a.m.•7 views

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R ttlWay parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the ttlWay parameter of...

6.5CVSS6AI score0.00279EPSS

Positive Technologies•added 2026/04/23 12:0 a.m.•11 views

PT-2026-34717

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...

ATTACKERKB•added 2026/04/23 12:0 a.m.•4 views

CVE-2026-31171

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...

Tenable Nessus•added 2026/04/23 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

8.2CVSS6.2AI score0.00417EPSS

Exploits0References4

Positive Technologies•added 2026/04/23 12:0 a.m.•6 views

PT-2026-34670

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

ATTACKERKB•added 2026/04/23 12:0 a.m.•2 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

ATTACKERKB•added 2026/04/23 12:0 a.m.•4 views

CVE-2026-31162

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34824

Name of the Vulnerable Software and Affected Versions OpenLearnX versions prior to 2.0.3 Description OpenLearnX is an open-source, decentralized learning and assessment platform. A remote code execution RCE issue exists in the code execution environment, which allows an attacker to escape the...

8.8CVSS6.6AI score0.0091EPSS

Exploits1References11

Cvelist•added 2026/04/23 12:0 a.m.•30 views

CVE-2026-31172

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi...

Cvelist•added 2026/04/23 12:0 a.m.•26 views

CVE-2026-31176

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...

Cvelist•added 2026/04/23 12:0 a.m.•32 views

CVE-2026-31165

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

CVE•added 2026/04/23 12:0 a.m.•14 views

CVE-2026-31162

Summary: CVE-2026-31162 affects ToToLink A3300R firmware. The issue is a command-injection problem in the web interface: an attacker can execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi in firmware version v17.0.0cu.557_B20221024. The CVSS 3.1 vector indicates network a...

Exploits1References1Affected Software1

Vulnrichment•added 2026/04/23 12:0 a.m.•6 views

CVE-2026-31163

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00279EPSS

CVE•added 2026/04/23 12:0 a.m.•10 views

CVE-2026-31174

CVE-2026-31174 describes a command-injection vulnerability in ToToLink A3300R firmware 17.0.0cu.557_B20221024. An attacker can exploit the vulnerability by supplying crafted input to the informEnable parameter of the web CGI endpoint /cgi-bin/cstecgi.cgi, potentially executing arbitrary commands ...

Exploits1References1Affected Software1

CVE•added 2026/04/23 12:0 a.m.•11 views

CVE-2026-31169

CVE-2026-31169 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi, with network access and no privileges required (CVSS 3.1: 6.5, Low confidentiality/integrity impact, no availability im...

Exploits1References1Affected Software1

CNNVD•added 2026/04/23 12:0 a.m.•8 views

Flowise 输入验证错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to input validation errors. This vulnerability stemmed from parameter overriding bypasses and NODEOPTIONS environment...

9.8CVSS7.1AI score0.13789EPSS

Positive Technologies•added 2026/04/23 12:0 a.m.•9 views

PT-2026-34672

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

Vulnrichment•added 2026/04/23 12:0 a.m.•5 views

CVE-2026-31179

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00279EPSS

Cvelist•added 2026/04/23 12:0 a.m.•30 views

CVE-2026-31173

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...