8.7
CVE-2026-6123 - Tenda F451 httpd addressNat fromAddressNat stack-based overflow
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has beβ¦
8.7
CVE-2026-6122 - Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been discloβ¦
8.7
CVE-2026-6121 - Tenda F451 httpd WrlclientSet stack-based overflow
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publiβ¦
8.7
CVE-2026-6120 - Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public andβ¦
5.3
CVE-2026-6119 - AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used.β¦
5.3
CVE-2026-6118 - AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotβ¦
5.3
CVE-2026-6117 - AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed reβ¦
9.3
CVE-2026-6116 - Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is posβ¦
9.3
CVE-2026-6115 - Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has bβ¦
9.3
CVE-2026-6114 - Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remβ¦