|
341
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input ver…
New
|
CWE-94
Code Injection
|
CVE-2026-41138
|
2026-04-25 00:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from…
New
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41264
|
2026-04-25 00:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results…
New
|
CWE-77
Command Injection
|
CVE-2026-41265
|
2026-04-25 00:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoin…
New
|
CWE-639
CWE-915
Authorization Bypass Through User-Controlled Key
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-41267
|
2026-04-25 00:14 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
9.8 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerabili…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-41268
|
2026-04-25 00:14 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31159
|
2026-04-25 00:13 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31160
|
2026-04-25 00:13 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31164
|
2026-04-25 00:13 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31165
|
2026-04-25 00:12 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31171
|
2026-04-25 00:12 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
