CVE Vulnerabilities - 12 April 2026

167 vulnerabilities published on 12 April 2026

Totolink A7100RU: Unauthorized Code Execution via Command Injection
CVE-2026-6116
An attacker can potentially execute unauthorized commands on your Totolink A7100RU device by exploiting a weakness in its CGI Handler. This could allow them to gain control of the device or disrupt it...
8.9
Totolink A7100RU Router Exposes Users to Remote Attack
CVE-2026-6115
A security flaw in the Totolink A7100RU router's CGI Handler allows an attacker to execute unauthorized commands on the device, potentially giving them control over the router. This can be done remote...
8.9
Totolink A7100RU Router: Remote Command Injection Risk
CVE-2026-6114
A security vulnerability in the Totolink A7100RU router's CGI Handler allows an attacker to execute unauthorized commands remotely. This could lead to unauthorized access and control of the router. Us...
8.9
Totolink A7100RU Routers: Remote Code Execution
CVE-2026-6113
A security flaw in the Totolink A7100RU router can allow hackers to execute malicious code on the device from anywhere on the internet. This could potentially be exploited by hackers who have access t...
8.9
Totolink A7100RU Router: Remote Command Execution Risk
CVE-2026-6112
The Totolink A7100RU router's CGI Handler is vulnerable to a remote attack that can allow an attacker to execute commands on the router. This could be used to take control of the router or disrupt its...
8.9
Parisneo Lollms Software Allows Malicious Code to be Injected
CVE-2026-1116
A security weakness in the Parisneo Lollms software could allow an attacker to inject malicious code into a user's browser, potentially leading to unauthorized access to accounts or sessions. This is ...
8.2
Mozilla Thunderbird Security Update: Multiple Critical Fixes
RLSA-2026:6917
Mozilla Thunderbird has released an update to fix several critical security issues that could allow attackers to take control of your computer, steal sensitive information, or disrupt your email and b...
8.2
MetaGPT up to 0.8.1 allows remote code execution
CVE-2026-6110
A security flaw in MetaGPT's thought generation feature could allow an attacker to execute arbitrary code on a server. This could happen if a malicious user sends a specially crafted request to the af...
6.9
AstrBot: Unsecured Input in MCP Endpoint Can Lead to Remote Command Execution
CVE-2026-6118
An attacker can inject malicious commands into the AstrBot system through the MCP Endpoint, potentially allowing them to execute unauthorized actions. This issue affects AstrBot versions up to 4.22.1....
5.3
AstrBot: Unsecured File Upload in Plugin Installation
CVE-2026-6117
AstrBot's plugin installation feature allows an attacker to upload malicious files without proper validation, which can lead to a security breach. This affects version 4.22.1 and earlier. To protect y...
5.3
MetaGPT up to 0.8.1 allows remote attackers to manipulate images
CVE-2026-6111
A security issue in MetaGPT's image processing code allows attackers to trick the system into fetching images from unauthorized sources. This could be used to spread malware or disrupt the system. We ...
5.3
1Panel-dev MaxKB: Remote Code Execution in MCP Node
CVE-2026-6108
An attacker can execute arbitrary system commands on a vulnerable system using the 1Panel-dev MaxKB MCP Node, which can lead to unauthorized access and data theft. This vulnerability allows an attacke...
5.3
MetaGPT Mineflayer API Cross-Site Request Forgery Risk
CVE-2026-6109
The MetaGPT Mineflayer API, used in Minecraft bots, has a security flaw that makes it vulnerable to a type of attack where an attacker can trick the system into performing unwanted actions. This could...
5.3
1Panel-dev MaxKB Chat Headers Middleware Cross-Site Scripting Risk
CVE-2026-6107
A security flaw in 1Panel-dev MaxKB's chat headers middleware can allow attackers to inject malicious code, potentially allowing them access to sensitive information or taking control of user sessions...
5.1
Apache HTTP Server Allows Remote File Disclosure
MINI-cgh2-hjjg-mpfx
Apache HTTP Server may reveal sensitive files on the server to unauthorized users. This could potentially allow an attacker to access confidential data. To protect your server, ensure that you're runn...
Adobe ColdFusion Server: Unrestricted File Upload
MINI-cf2m-cjw7-mgx9
Adobe ColdFusion Server has a vulnerability that allows attackers to upload arbitrary files, potentially allowing them to execute malicious code. This could lead to unauthorized access to sensitive da...
MINI-9x6r-jg65-6fgp
MINI-47vh-qqmq-32j5
MINI-jm4g-xg59-vjwp
MINI-4ph6-q45g-mgxm
MINI-4r63-24f7-2v82
MINI-93r9-xhrh-fqpq
MINI-j62j-xxmm-6xc6
MINI-ccfh-q2fr-49p5
Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_html
MINI-jv9h-3rx2-xpg2
Apache HTTP Server's mod_proxy_html module is vulnerable to a cross-site scripting (XSS) attack. This means that an attacker could inject malicious code into web pages, potentially stealing user data ...