|
2701
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31168
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2702
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31169
|
2026-04-27 23:55 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2703
|
9.8 |
CRITICAL
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started w…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40884
|
2026-04-27 23:55 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2704
|
6.5 |
MEDIUM
Network
|
totolink
|
a3300r_firmware
|
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
|
CWE-77
Command Injection
|
CVE-2026-31173
|
2026-04-27 23:54 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2705
|
5.4 |
MEDIUM
Network
|
mintplexlabs
|
anythingllm
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an uns…
|
CWE-79
CWE-116
CWE-1336
Cross-site Scripting
Improper Encoding or Escaping of Output
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41318
|
2026-04-27 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2706
|
8.8 |
HIGH
Network
|
goshs
|
goshs
|
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global ba…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-40885
|
2026-04-27 23:51 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2707
|
8.7 |
HIGH
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mi…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-33317
|
2026-04-27 23:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2708
|
6.5 |
MEDIUM
Network
|
apache
|
activemq
activemq_web
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.
An authenticated attacker can show malicious content when browsin…
|
CWE-79
CWE-915
Cross-site Scripting
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-41043
|
2026-04-27 23:49 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2709
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.
An authenticated attacker can use …
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-41044
|
2026-04-27 23:49 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2710
|
9.8 |
CRITICAL
Network
|
ericsson
|
codechecker
|
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Authentication bypass occurs when the URL ends with Authentication with certain…
|
CWE-290
CWE-863
Authentication Bypass by Spoofing
Incorrect Authorization
|
CVE-2026-25660
|
2026-04-27 23:48 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
