|
1251
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic…
|
CWE-59
CWE-22
Link Following
Path Traversal
|
CVE-2026-6941
|
2026-04-27 23:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1252
|
8.1 |
HIGH
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause a…
|
CWE-352
Origin Validation Error
|
CVE-2026-40883
|
2026-04-27 23:57 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1253
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31166
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1254
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31167
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1255
|
7.1 |
HIGH
Local
|
radare
|
radare2
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the …
|
CWE-22
Path Traversal
|
CVE-2026-6940
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1256
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31168
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1257
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31169
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1258
|
9.8 |
CRITICAL
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started w…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40884
|
2026-04-27 23:55 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1259
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31173
|
2026-04-27 23:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1260
|
5.4 |
MEDIUM
Network
|
mintplexlabs
|
anythingllm
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an uns…
|
CWE-79
CWE-116
CWE-1336
Cross-site Scripting
Improper Encoding or Escaping of Output
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41318
|
2026-04-27 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
