6.3

CVSS4.0

CVE-2026-6878 - ByteDance verl grader.py math_equal sandbox

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be dโ€ฆ

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 28, 2026, 9:26 a.m.

6.5

CVSS3.1

CVE-2026-31159 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 24, 2026, 3:13 p.m.

7.3

CVSS3.1

CVE-2025-70994 -

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal foโ€ฆ

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 28, 2026, 9:26 a.m.

9.8

CVSS3.1

CVE-2026-31175 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 24, 2026, 3:12 p.m.

6.5

CVSS3.1

CVE-2026-31166 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 27, 2026, 2:56 p.m.

6.5

CVSS3.1

CVE-2026-31171 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 24, 2026, 3:12 p.m.

6.5

CVSS3.1

CVE-2026-31179 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 27, 2026, 2:58 p.m.

9.8

CVSS3.1

CVE-2026-31177 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 27, 2026, 2:59 p.m.

7.0

CVSS3.1

CVE-2026-31532 - can: raw: fix ro->uniq use-after-free in raw_rcv()

In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rcv() may still be ruโ€ฆ

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 27, 2026, 11 a.m.

6.5

CVSS3.1

CVE-2026-31163 -

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.

๐Ÿ“… Published: April 23, 2026, midnight ๐Ÿ”„ Last Modified: April 27, 2026, 2:57 p.m.
Total resulsts: 348413
Page 232 of 34,842
ยซ previous page ยป next page
Filters