406 matches found
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the parameter “wizard” in the function...
CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection
A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...
CVE-2026-6113 Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from the improper handling of the parameter “ip” in the setDiagnosisCfg...
PT-2026-32190
Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of the Totolink A7100RU router. Specifically, the setLedCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to OS command injecti...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from an improper handling of the parameter maxRtrAdvInterval in the...
CVE-2026-6028
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...
CVE-2026-5995
The CVE affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerable component is /cgi-bin/cstecgi.cgi, function setMiniuiHomeInfoShow, where manipulating the lan_info argument enables OS command injection. Impact is described as high for confidentiality, integrity, and availability, ...
CVE-2026-5994 Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...
PT-2026-31835
Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The setMiniuiHomeInfoShow function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is affected...
PT-2026-31884
Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the Totolink A7100RU router. The issue affects the setUrlFilterRules function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component. Manipulation of the...
CVE-2026-5977 Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...
Totolink A3300R Command Injection Vulnerability (CNVD-2026-16680)
Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
Django 安全漏洞
Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...
Exploit for OS Command Injection in Php
CVE-2024-4577 Python Exploit Toolkit A Python toolkit for exp...
GHSA-HR8G-2Q7X-3F4W OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Summary OpenClaw Gateway Control Interface Information Disclosure Vulnerability Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Released Control UI bootstrap JSON did expose version and assistant agent id, but that is low-severity fingerprinting or info...
CVE-2026-4197
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...
CVE-2026-4468
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET=updateinterfacepng. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and ma...
SUSE-SU-2026:1062-1 Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...