GHSA-JJ6C-8H6C-HPPX vulnerabilities

Vulnerabilities for packages: open-webui...

PT-2026-36877

Name of the Vulnerable Software and Affected Versions Beets versions prior to 2.10.0 Description The bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, performs raw insertion, whereas HTML escaping is only handled by . The rendered output is...

CVE-2026-7244

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

CVE-2026-7243

Totolink A8000RU (firmware 7.1cu.643_b20200521) CGI Handler /cgi-bin/cstecgi.cgi: vulnerable function setRadvdCfg. Attackers can remotely inject OS commands by manipulating the maxRtrAdvInterval argument. Publicly available exploit referenced; no mitigation details provided in the documents. Reme...

CVE-2026-7242 Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

CVE-2026-7240 Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

CVE-2026-7240

CVE-2026-7240 affects Totolink A8000RU 7.1cu.643_b20200521. The vulnerability resides in CGI Handler’s /cgi-bin/cstecgi.cgi function setVpnAccountCfg, where manipulation of the User argument enables OS command injection. This can be exploited remotely with no authentication (attack vector: NETWOR...

CVE-2026-7204

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

PT-2026-35573

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

PT-2026-35690

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVE-2026-7202

The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). It affects the CGI Handler’s file /cgi-bin/cstecgi.cgi, in the function setWiFiWpsStart, where manipulating the argument wscDisabled enables OS command injection. Impact is high on confidentiality, integrity, and availability (per ...

CVE-2026-7154

Technical details about CVE-2026-7154 are not publicly available in the provided documents. No confirmed affected products, versions, or fixes are stated here. Monitor for updates from official advisories.

CVE-2026-7140

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

CVE-2026-7136

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

CVE-2026-7139 Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

CVE-2026-7136 Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

CVE-2026-7123 Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...

CVE-2026-7121 Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has...

EUVD-2026-25757

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...