CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the chunkUpload function in UploadService.php. An attacker can upload arbitrary files by sending crafted requests to the affected endpoint. Remediation A fix was pushed into the master branch but not yet...

CVE-2026-7732

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file requestblood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-43863

CVE-2026-43863 affects mutt prior to 2.3.2, where an infinite loop in data_object_to_stream (crypt-gpgme.c) is reported. The CVSS 3.1 vector indicates low availability impact. No remediation or specific fix details are provided in the connected documents. Affected version range inferred: mutt

Missing Authentication for Critical Function

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Missing...

EUVD-2026-26884

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7730

CVE-2026-7730 affects privsim mcp-test-runner 0.2.0. The vulnerability is in the MCP Interface’s src/index.ts where the function child_process.spawn mishandles the argument command, enabling an os command injection. Impact may be remote; exploit publicly available. Documents do not provide remedi...

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

CVE-2026-7722

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

EUVD-2026-26866

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

EUVD-2026-26959

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...

PT-2026-36782

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer prev/tsMuxer/hevc.cpp. This manipulation of the argument track id causes denial of service. The attack requires local access. The exploit h...

OpenSTAManager 代码问题漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.10 and earlier had code-related vulnerabilities, which stemmed from arbitrary file upload vulnerabilities in the module update function...

tsMuxer 安全漏洞

tsMuxer is a transport stream multiplexer developed by Dan’s individual developer, used for re-mixing/reusing basic streams. Versions of tsMuxer 2.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the setFPS function in the tsMuxer/vvc.cpp file, which allows for...

MCP Server for ArangoDB 路径遍历漏洞

MCP Server for ArangoDB is a database interaction tool based on ArangoDB, developed by Alp Sarıyer. Versions of MCP Server for ArangoDB 0.4.7 and earlier had a path traversal vulnerability. This vulnerability stemmed from the function arangobackup in the MCP Interface component, which allowed for...

PT-2026-36749

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description An issue exists in the POST Request Handler component where the manipulation of the webWlanIdx argument in the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi' endpoint allows for...