341 matches found
MAL-2025-4424 Malicious code in @cat-ecom/pcc-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 96cbe81d68d4bf1046012598de37b5dcef6f28b3ce01653ab29b3405b359d30e The OpenSSF Package Analysis project identified '@cat-ecom/pcc-components' @ 99.99.99 npm as malicious. It is considered malicious because: - Th...
CVE-2024-48631
D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...
CVE-2024-21821
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands...
CVE-2024-51254
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the signcacertificate function...
CVE-2023-33486
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...
CVE-2021-38611
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
CVE-2021-21308
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2...
CVE-2019-15343
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...
CVE-2025-26241
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket =1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...
CVE-2025-44839
CVE-2025-44839 affects TOTOLINK CA600-PoE (V5.3c.6665_B20180820). The CloudSrvUserdataVersionCheck function is vulnerable to command injection via the magicid parameter, allowing arbitrary commands through a crafted request. Root cause: insufficient filtering of constructed command characters in ...
Malicious code in rippling-marketing-site (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33a7126a0a4c766d46bba75737e5f330267038f14b6006030e92fc55e076d658 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bagayaluzqdl159 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7811a14ef94ae6d98abe542d9f5c3d933e30c3a7d85a4f5fe707e102acbb6f2d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cryptomus-aurora-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db5768718bc2c708ec27865d8e381f97ca5fb81b191a946bc786bb0350aaec26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2342 Malicious code in foundry-js-react-blueprint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 003370478f168f2d57cb08caf6214ba25adf57eaefa736fc7460dd4550ee09c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2338 Malicious code in malwaretest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 397437468f634806853b4f3a7f82626c63224cb1d7f173af2aa530d126540ea9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in limit-order-validation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ad6cba9faf323fb0ffae19f703ba40944f39673b2e8803037d19ff0990671f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2022-24803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor-include-ext is Asciidoctor's standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied...
MAL-2025-2074 Malicious code in adminauthserv-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f01fbeb3da8a3ec0a1c93f3ff5431e6be6693f2a2e13482834637f2b73e99d13 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2062 Malicious code in learning-kotlin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5560da3fe5e63bf7da20ae1cd458fd7999e279367f07227ce8a6019ca497dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1515 Malicious code in @starkgate-v2/web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd18cb51b9bfc804c264ad648ce51fda4711022cb95ee99b35e70739222662ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...