5.3

CVSS4.0

CVE-2026-6117 - AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed re…

πŸ“… Published: April 12, 2026, 4:30 a.m. πŸ”„ Last Modified: April 12, 2026, 4:30 a.m.

9.3

CVSS4.0

CVE-2026-6116 - Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is pos…

πŸ“… Published: April 12, 2026, 4:15 a.m. πŸ”„ Last Modified: April 12, 2026, 4:15 a.m.

9.3

CVSS4.0

CVE-2026-6115 - Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has b…

πŸ“… Published: April 12, 2026, 4 a.m. πŸ”„ Last Modified: April 12, 2026, 4 a.m.

9.3

CVSS4.0

CVE-2026-6114 - Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated rem…

πŸ“… Published: April 12, 2026, 3:30 a.m. πŸ”„ Last Modified: April 12, 2026, 3:30 a.m.

9.3

CVSS4.0

CVE-2026-6113 - Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack c…

πŸ“… Published: April 12, 2026, 3 a.m. πŸ”„ Last Modified: April 12, 2026, 3 a.m.

9.3

CVSS4.0

CVE-2026-6112 - Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exp…

πŸ“… Published: April 12, 2026, 2:45 a.m. πŸ”„ Last Modified: April 12, 2026, 2:45 a.m.

5.3

CVSS4.0

CVE-2026-6111 - FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit …

πŸ“… Published: April 12, 2026, 2:30 a.m. πŸ”„ Last Modified: April 12, 2026, 2:30 a.m.

8.2

CVSS3.0

CVE-2026-1116 - Cross-site Scripting (XSS) in parisneo/lollms

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This a…

πŸ“… Published: April 12, 2026, 2:22 a.m. πŸ”„ Last Modified: April 12, 2026, 2:22 a.m.

6.9

CVSS4.0

CVE-2026-6110 - FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is p…

πŸ“… Published: April 12, 2026, 2 a.m. πŸ”„ Last Modified: April 12, 2026, 2 a.m.

5.3

CVSS4.0

CVE-2026-6109 - FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack m…

πŸ“… Published: April 12, 2026, 1:30 a.m. πŸ”„ Last Modified: April 12, 2026, 1:30 a.m.
Total resulsts: 343948
Page 2 of 34,395
Β« previous page Β» next page
Filters