MAL-2026-3016 Malicious code in amazon-q-developer-streaming-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2612d348229614bb857a8f2c30c1ad2d66954d7a05073f15319f8aca2fb1a86d The package amazon-q-developer-streaming-client was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in eth-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 843cae77c9aaf84bef1b7d5e46e27795d5203d2959a39b2797f0e1248b4995c7 The package eth-logger was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

CVE-2026-5935

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R ttlWay parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the ttlWay parameter of...

CVE-2026-31179

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31178

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31176

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31165

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31165

Summary of CVE-2026-31165 : Analyzed in ToToLink A3300R firmware 17.0.0cu.557_B20221024. The vulnerability is a command-injection in the web interface captured via the pppoeServiceName parameter sent to /cgi-bin/cstecgi.cgi, enabling an attacker to execute arbitrary commands. This is a network-ex...

CVE-2026-31160

CVE-2026-31160: Affected product is ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a remote command-execution flaw exploitable via the provider parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (NVD, CVE List, EUVD, etc.). The root cause is the handling o...

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31173

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected. A flaw in /cgi-bin/cstecgi.cgi allows execution of arbitrary commands via the interval parameter. CVSS 3.1: Network attack, Privileges Required NONE, User Interaction NONE, Impact Confidentiality and Integrity LOW, Availability NONE; b...

CVE-2026-31163

The CVE-2026-31163 entry concerns ToToLink A3300R firmware (v17.0.0cu.557_B20221024) where an attacker can execute arbitrary commands by supplying a crafted dhcpMtu parameter to /cgi-bin/cstecgi.cgi. The vulnerability is indicated with a CVSS v3.1 base score of 6.5 (Network, Low privileges requir...

CVE-2026-31163

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31160

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31165

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34712

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34716

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...