2.3
CVE-2026-7724 - PrefectHQ prefect Webhook/Notification validate_restricted_url toctou
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is conβ¦
6.9
CVE-2026-7723 - PrefectHQ prefect WebSocket Endpoint in missing authentication
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be usβ¦
6.9
CVE-2026-7722 - PrefectHQ prefect Health Check API health endswith improper authentication
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public anβ¦
5.3
CVE-2026-7721 - Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection
A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed pβ¦
5.3
CVE-2026-7720 - Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection
A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack iβ¦
9.3
CVE-2026-7719 - Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remoteβ¦
5.3
CVE-2026-7718 - Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection
A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The expβ¦
8.7
CVE-2026-7717 - Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow
A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remβ¦
9
CVE-2026-42370 - GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
9
CVE-2026-7372 - GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconβ¦