|
381
|
4.3 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-me…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41908
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if t…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-40182
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
5.4 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers w…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41909
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
- |
|
-
|
-
|
TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in de…
New
|
CWE-1394
Use of Default Cryptographic Key
|
CVE-2026-5039
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31162
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31163
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31166
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31167
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31168
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
New
|
CWE-77
Command Injection
|
CVE-2026-31169
|
2026-04-24 23:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
