|
4111
|
10.0 |
CRITICAL
Network
|
paperclip
|
paperclipai
paperclipai\/server
|
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on …
|
CWE-287
CWE-862
CWE-1188
Improper Authentication
Missing Authorization
Insecure Default Initialization of Resource
|
CVE-2026-41679
|
2026-04-27 23:58 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4112
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31179
|
2026-04-27 23:58 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4113
|
9.8 |
CRITICAL
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.
|
CWE-78
OS Command
|
CVE-2026-31181
|
2026-04-27 23:58 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4114
|
5.4 |
MEDIUM
Network
|
gfi
|
helpdesk
|
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-23758
|
2026-04-27 23:58 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4115
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31162
|
2026-04-27 23:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4116
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31163
|
2026-04-27 23:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4117
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic…
|
CWE-59
CWE-22
Link Following
Path Traversal
|
CVE-2026-6941
|
2026-04-27 23:57 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4118
|
8.1 |
HIGH
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause a…
|
CWE-352
Origin Validation Error
|
CVE-2026-40883
|
2026-04-27 23:57 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4119
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31166
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4120
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31167
|
2026-04-27 23:56 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
