CVE-2026-7719

The CVE-2026-7719 entry describes a buffer overflow in Totolink WA300’s /cgi-bin/cstecgi.cgi loginauth handler (affected component: POST Request Handler). Specifically, manipulation of the http_host argument can overflow a buffer, enabling a remote attack. Public exploit details are indicated (ex...

EUVD-2026-26869

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

EUVD-2026-26868

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from an operation on the parameterFileName in the setUpgradeFW function of the POST Request Handler...

PT-2026-36745

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the UploadCustomModule function of the '/cgi-bin/cstecgi.cgi' endpoint when the...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

MCP Data Visualization & Experimentation Platform 代码问题漏洞

MCP Data Visualization & Experimentation Platform is a large model context protocol developed by alejandro and his team. There are code-related vulnerabilities in MCP Data Visualization & Experimentation Platform. These vulnerabilities stem from improper use of the axios function in the...

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

CVE-2026-6979

Affects devlikeapro WAHA up to 2026.3.4; vulnerable in the API Request Handler function src/api/media.controller.ts, enabling server-side request forgery. Attackable remotely; exploit published. Vendor unresponsive. No remediation details provided in the documents.

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

PT-2026-35149

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

WAHA 代码问题漏洞

WAHA is an open-source WhatsApp HTTP API service tool developed by devlikeapro. Versions of WAHA prior to 2026.3.4 contained code vulnerabilities. These vulnerabilities stemmed from unknown features in the component’s API Request Handler, specifically in the file src/api/media.controller.ts, whic...

CVE-2026-1949

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service...

CVE-2025-66286

Technical details about CVE-2025-66286 are not publicly available in the provided documents. Monitor for updates from Red Hat, WebKitGTK, and WPE WebKit for affected products, versions, impact, and fixes.

CVE-2026-41135 free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service

free5GC UDR is the Policy Control Function PCF for free5GC, an an open-source project for 5th generation 5G mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory...

PT-2026-33449

Name of the Vulnerable Software and Affected Versions QueryMine sms versions up to 7ab5a9ea196209611134525ffc18de25c57d9593 Description Remote SQL injection is possible via the GET Request Parameter Handler in the 'admin/editcourse.php' file. The issue occurs when the ID argument is manipulated,...

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...