CVE-2026-7717

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVE-2026-7717

Totolink WA300 5.2cu.7112_B20190227 is affected by CVE-2026-7717. The vulnerability is in the POST Request Handler’s UploadCustomModule function (file path: /cgi-bin/cstecgi.cgi). Manipulating the File argument can trigger a buffer overflow, and the issue can be exploited remotely. Exploitation i...

American Fuzzy Lop plus plus 4.35c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

EUVD-2022-4450

Malicious code in bioql PyPI...

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery SSRF in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curlexec without sufficient validation,...

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery SSRF in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curlexec without sufficient validation,...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS from WonderCMS, Inc. A security vulnerability exists in WonderCMS version 3.5.0, which stems from insufficient validation of the pluginThemeUrl parameter in the custom module installation feature, which could lead to a server-sid...

CVE-2025-57055

WonderCMS 3.5.0 is affected by a Server-Side Request Forgery (SSRF) in the custom module installation feature. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter, and the server fetches it with curl_exec() without sufficient validation, enabling potent...

PT-2025-38162

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.5.0 Description: WonderCMS version 3.5.0 is vulnerable to Server-Side Request Forgery SSRF in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl...

CVE-2025-57055

WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery SSRF in the custom module installation functionality. An authenticated administrator can supply a malicious URL via the pluginThemeUrl POST parameter. The server fetches the provided URL using curlexec without sufficient validation,...

Command Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Command Injection via the CustomMCP class. An attacker can gain unauthorized remote access and execute arbitrary operating system commands by sending crafted requests over the network. This i...

CVE-2025-5901

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can...

American Fuzzy Lop plus plus 4.32c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

DRUPAL-CORE-2025-004

Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability XSS. This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit acce...

CVE-2024-46424

TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter...

CVE-2024-46424

TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter...

PT-2024-31986 · Totolink · Totolink Ac1200 T8

Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: The issue is a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter. This vulnerability...

CVE-2024-7334

A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed t...

TOTOLINK A3300R 安全漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the function UploadCustomModule parameter in the file /cgi-bin/cstecgi.cgi that causes a buffer overflow. No details of the...