CVE-2026-31172

The CVE-2026-31172 entry concerns ToToLink A3300R firmware, version 17.0.0cu.557_B20221024. The issue is a command injection in the CGI interface: attacker-controlled input in the user parameter to /cgi-bin/cstecgi.cgi can lead to arbitrary command execution on the device. According to the NVD en...

PT-2026-34671

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

CVE-2026-31166

CVE-2026-31166 concerns ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue: an attacker can execute arbitrary commands by supplying the hour parameter to /cgi-bin/cstecgi.cgi. This is a network‑vector flaw with low to moderate impact stated (CVSS v3.1: 6.5, Confidentiality and Integrity ...

PT-2026-34677

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-port parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31175

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...

CVE-2026-31160

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31171

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31173

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected. A flaw in /cgi-bin/cstecgi.cgi allows execution of arbitrary commands via the interval parameter. CVSS 3.1: Network attack, Privileges Required NONE, User Interaction NONE, Impact Confidentiality and Integrity LOW, Availability NONE; b...

CVE-2026-31166

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

Flowise 输入验证错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to input validation errors. This vulnerability stemmed from parameter overriding bypasses and NODEOPTIONS environment...

CVE-2026-31165

Summary of CVE-2026-31165 : Analyzed in ToToLink A3300R firmware 17.0.0cu.557_B20221024. The vulnerability is a command-injection in the web interface captured via the pppoeServiceName parameter sent to /cgi-bin/cstecgi.cgi, enabling an attacker to execute arbitrary commands. This is a network-ex...

CVE-2026-31177

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

CVE-2026-5935

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

Malicious code in process-support (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ba15c5dd66c6282ee21f8ee819191d6fbbbf194845ad231ac7d26856d334db70 During import, the package automatically starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing...

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...