Comparison Overview

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

• https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md
• https://vuldb.com/submit/779128
• https://vuldb.com/vuln/354126
• https://vuldb.com/vuln/354126/cti
• https://www.totolink.net/

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

• https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
• https://lists.security.metacpan.org/cve-announce/msg/37638919/
• https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
• https://metacpan.org/release/SHAY/perl-5.40.4/changes
• https://metacpan.org/release/SHAY/perl-5.42.2/changes
• https://www.cve.org/CVERecord?id=CVE-2026-3381

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

• https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-mc3p-mq2p-xw6v
• https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001011111111111000111111110000000000000000000000000000000000000000000000000000000110

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.

• https://github.com/parisneo/lollms/commit/c46297799f8e1e23305373f8350746b905e0e83c
• https://huntr.com/bounties/6aab01ca-a138-4a1d-bef9-3bce145359bf

A Server-Side Request Forgery (SSRF) vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the `/api/files/export-content` endpoint. The `_download_image_to_temp()` function in `backend/routers/files.py` fails to validate user-controlled URLs, allowing attackers to make arbitrary HTTP requests to internal services and cloud metadata endpoints. This vulnerability can lead to internal network access, cloud metadata access, information disclosure, port scanning, and potentially remote code execution.

• https://github.com/parisneo/lollms/commit/76a54f0df2df8a5b254aa627d487b5dc939a0263
• https://huntr.com/bounties/65e43a5e-b902-4369-b738-1825285a3ea5