117 matches found
Malicious code in @timelycare/config-service (npm)
Source: ghsa-malware dc893c48f00d7000b6737fbccd385652c78342aad49e12c49134ce72b42852a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-18432
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...
CVE-2026-34121 Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...
CVE-2026-34121
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...
CVE-2026-34121
TP-Link Tapo C520WS v2.6 is affected by an authentication bypass in the DS configuration service’s HTTP handling due to inconsistent JSON request parsing and authorization logic. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do action...
PT-2026-29849
A critical HTTP authentication bypass CVE-2026-34121 has been identified in TP-Link devices, potentially allowing unauthorized access. Technical Breakdown Vulnerability Type: Authentication Bypass Impact: Allows an attacker to circumvent HTTP authentication mechanisms on affected TP-Link devices,...
TP-Link Tapo C520WS Security Vulnerability
The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version has a security vulnerability. This vulnerability stems from inconsistencies in the JSON request parsing and authorization logic during the authentication check in the DS configuration...
CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2025-37160 Authenticated Broken Access Control (BAC) in REST API Configuration Service
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data...
CVE-2025-37160
The CVE-2025-37160 entry describes a broken access control (BAC) vulnerability in the web-based management interface of HPE Aruba Networking AOS-CX. An authenticated remote attacker with low privileges could view sensitive information, leading to data disclosure. The affected component is the web...
EUVD-2014-2937
Malware in sbrugna...
EUVD-2016-4488
Malware in sbrugna...
EUVD-2013-7129
Malware in sbrugna...
EUVD-2025-2414
Malicious code in bioql PyPI...
EUVD-2022-40979
Malicious code in bioql PyPI...
Malicious code in mydealer-configuration-service (npm)
Source: ghsa-malware 0a6c72b4ebdfecd3ab01a485711a49a10423d88ba0231b62418227c458a78a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
(Pwn2Own) Phoenix Contact CHARX SEC-3150 Configuration Service Missing Authentication Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration service, which listens on TCP port 500...
(Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration service, which listens on TCP port 50...
UBUNTU-CVE-2025-38132
In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev. There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module cscfg_load_config_sets activate config. // sysfs sys_active_cnt == 1...
CVE-2024-40893
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various...