|
481
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
Update
|
CWE-77
Command Injection
|
CVE-2026-31166
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
482
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
Update
|
CWE-77
Command Injection
|
CVE-2026-31167
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
483
|
7.1 |
HIGH
Local
|
radare
|
radare2
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the …
Update
|
CWE-22
Path Traversal
|
CVE-2026-6940
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
484
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
Update
|
CWE-77
Command Injection
|
CVE-2026-31168
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
485
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
Update
|
CWE-77
Command Injection
|
CVE-2026-31169
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
486
|
9.8 |
CRITICAL
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started w…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40884
|
2026-04-27 23:55 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
487
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
Update
|
CWE-77
Command Injection
|
CVE-2026-31173
|
2026-04-27 23:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
488
|
9.8 |
CRITICAL
Network
|
socialengine
|
socialengine
|
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized befo…
Update
|
CWE-89
SQL Injection
|
CVE-2026-41460
|
2026-04-27 23:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
489
|
5.4 |
MEDIUM
Network
|
mintplexlabs
|
anythingllm
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an uns…
Update
|
CWE-79
CWE-116
CWE-1336
Cross-site Scripting
Improper Encoding or Escaping of Output
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41318
|
2026-04-27 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
490
|
8.5 |
HIGH
Network
|
socialengine
|
socialengine
|
SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41461
|
2026-04-27 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
