8.7
CVE-2026-6121 - Tenda F451 httpd WrlclientSet stack-based overflow
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publiβ¦
8.7
CVE-2026-6120 - Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public andβ¦
5.3
CVE-2026-6119 - AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used.β¦
5.3
CVE-2026-6118 - AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotβ¦
5.3
CVE-2026-6117 - AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed reβ¦
9.3
CVE-2026-6116 - Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is posβ¦
9.3
CVE-2026-6115 - Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has bβ¦
9.3
CVE-2026-6114 - Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remβ¦
9.3
CVE-2026-6113 - Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack cβ¦
9.3
CVE-2026-6112 - Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The expβ¦