Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31163 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31162 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-6921 | HIGH | 8.3 | Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video … | Apr 23, 2026 |
| CVE-2026-6920 | CRITICAL | 9.6 | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to … | Apr 23, 2026 |
| CVE-2026-6919 | CRITICAL | 9.6 | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Apr 23, 2026 |
| CVE-2026-5039 | UNKNOWN | — | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable … | Apr 23, 2026 |
| CVE-2026-41909 | MEDIUM | 5.4 | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with … | Apr 23, 2026 |
| CVE-2026-41908 | MEDIUM | 4.3 | OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files … | Apr 23, 2026 |
| CVE-2026-40891 | MEDIUM | 5.3 | OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may … | Apr 23, 2026 |
| CVE-2026-40182 | MEDIUM | 5.3 | OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol … | Apr 23, 2026 |
| CVE-2026-31533 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced … | Apr 23, 2026 |
| CVE-2026-31181 | CRITICAL | 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31179 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31178 | CRITICAL | 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31177 | CRITICAL | 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31176 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31175 | CRITICAL | 9.8 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31174 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31172 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31171 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31165 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31164 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31160 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-31159 | MEDIUM | 6.5 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi. | Apr 23, 2026 |
| CVE-2026-41240 | UNKNOWN | — | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when … | Apr 23, 2026 |