CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-6114

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the removeAttributeNS function. An attacker can manipulate the prototype chain of JavaScript objects, potentially causing a denial-of-service attack by supplying malicious input that targets the proto property...

Prototype Pollution

Overview ts-deepmerge is an a deep merge function that automatically infers the return type based on your input, without mutating the source objects. Affected versions of this package are vulnerable to Prototype Pollution due to missing sanitization of the merge function. PoC: js var tsDeepmerge ...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. It allows an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 PoC: ...