
199 matches found

CNNVD
added 2026/06/08 12:0 a.m., 5 views

TOTOLINK AC1200 T8 Security Vulnerability

The TOTOLINK AC1200 T8 is an AC1200 dual-band Mesh wireless router produced by TOTOLINK Corporation. Version 4.1.5cu.8611 of the TOTOLINK AC1200 T8 contains a security vulnerability. This vulnerability stems from incorrect operations in the vsftpd component’s configuration file /etc/vsftpd.conf,...

CVSS 5.3, AI score 5, EPSS 0.00215
Exploits 0, References 1
CNNVD
added 2026/06/08 12:0 a.m., 6 views

D-Link DCS-5615 Security Vulnerability

The D-Link DCS-5615 is a high-speed network dome camera produced by D-Link Corporation. Version 1.01.00 of the D-Link DCS-5615 contains a security vulnerability. This vulnerability stems from incorrect operations with the file /etc/conf.d/boa/boa.conf in the Boa Webserver component, which may lea...

CVSS 8.8, AI score 5.6, EPSS 0.00432
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:17 p.m., 6 views

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

CVSS 10, AI score 7.4, EPSS 0.02175
Exploits 0, References 1
CVE
added 2026/06/03 1:26 p.m., 8 views

CVE-2022-49036

Synology Active Backup for Business Recovery Media Creator (before version 2.5.0-2081) is affected by an OpenSSL configuration vulnerability described as an inclusion of functionality from untrusted control sphere, enabling local users to execute arbitrary code via unspecified vectors. Affected c...

CVSS 7.8, AI score 6.2, EPSS 0.00123
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/05/26 5:30 a.m., 13 views

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

CVSS 6.5, AI score 6.4, EPSS 0.01057
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-42026

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVSS 5.5, AI score 6.1, EPSS 0.00176
Exploits 0, References 3
CNNVD
added 2026/04/15 12:0 a.m., 7 views

Agent Zero Security Vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...

CVSS 8.6, AI score 6.1, EPSS 0.00405
Exploits 0, References 1
Vulnrichment
added 2026/04/09 6:15 a.m., 2 views

CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The...

CVSS 10, AI score 6.9, EPSS 0.14277
Exploits 0, References 5
EUVD
added 2026/03/30 12:31 a.m., 1 view

EUVD-2026-17050

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

CVSS 8.8, AI score 6.4, EPSS 0.02164
Exploits 1, References 6
CNNVD
added 2026/03/18 12:0 a.m., 3 views

OpenClaw Operating System Command Injection Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from the safeBins configuration failing to properly filter constructed command special characters, commands, etc., which can...

CVSS 7.1, AI score 6.1, EPSS 0.00197
Exploits 0, References 3
CVE
added 2026/03/17 6:20 p.m., 7 views

CVE-2026-3207

Technical details for CVE-2026-3207 are not publicly available in the provided documents. Monitor for updates to learn affected products/versions, impact, and remediation.

CVSS 9.8, AI score 5.8, EPSS 0.00281
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2026/03/16 12:0 a.m., 3 views

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

CVSS 7.3, AI score 6.2, EPSS 0.00226
Exploits 0, References 1
EUVD
added 2026/02/27 8:21 p.m., 3 views

EUVD-2026-9066

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...

CVSS 6.5, AI score 5.9, EPSS 0.0043
Exploits 0, References 1
Vulnrichment
added 2026/02/27 8:19 p.m., 6 views

CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

CVSS 4.9, AI score 6, EPSS 0.01607
Exploits 0, References 1
ATTACKERKB
added 2026/02/27 8:19 p.m., 4 views

CVE-2026-28270

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

CVSS 7.2, AI score 6, EPSS 0.01607
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2026/02/23 7:20 p.m., 0 views

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

CVSS 6.5, AI score 5.7, EPSS 0.00758
Exploits 0, References 5
Vulnrichment
added 2026/01/26 10:4 a.m., 3 views

CVE-2025-59097 Unauthenticated SOAP API in dormakaba access manager

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

CVSS 9.3, AI score 5.9, EPSS 0.00523
Exploits 0, References 3
CNVD
added 2026/01/19 12:0 a.m., 2 views

ZTE MF258K Pro Configuration Flaw Vulnerability

The ZTE MF258K Pro is a 4G outdoor bridge kit from ZTE China. The ZTE MF258K Pro suffers from a configuration flaw vulnerability that stems from improperly set directory permissions, which can be exploited by an attacker to cause a write operation to be performed...

CVSS 8.8, AI score 5.9, EPSS 0.00223
Exploits 0, References 1
CNVD
added 2025/12/03 12:0 a.m., 3 views

Huawei HarmonyOS Configuration Flaw Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A configuration flaw vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the file management module, and can be exploited by a...

CVSS 7.1, AI score 6.7, EPSS 0.00073
Exploits 0, References 1
CVE
added 2025/12/02 12:57 p.m., 10 views

CVE-2025-11779

CVE-2025-11779 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. A stack-based buffer overflow in the SetLan function is triggered when applying a new configuration via the management web interface (index.cgi). Un-sanitised configuration parameters can lead to command injection. Publicly referenced ...

CVSS 9.8, AI score 6.9, EPSS 0.01272
Exploits 0, References 1, Affected Software 1