42 matches found
CVE-2026-45661
Dokploy
CVE-2026-45661
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...
CVE-2026-49201
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...
CVE-2026-49201
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...
EUVD-2026-33271
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...
Malicious code in atel-mcp-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...
MAL-2026-4485 Malicious code in atel-mcp-openclaw (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1e4255e19fdb4f0352f184f35599be81651badab879e4f39d0f3bb4fda4a58e The package contains multiple structural fingerprints of an active credential-stealer / C2 implant. bin/install.js performs lifecycle-time HTTP POSTs...
MAL-2026-3886 Malicious code in @antv/f-test-utils (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
PT-2026-42018
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...
Malicious code in d4rktg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019 The library's sole authorization primitive, CustomFilters.authorize in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudousers list...
PT-2026-38458
Name of the Vulnerable Software and Affected Versions Yarbo version 2.3.9 Description A hidden, persistent backdoor provides remote, unauthenticated or weakly authenticated access to privileged functionality. This backdoor is undocumented, cannot be disabled through user-facing settings, and...
CVE-2026-6443
CVE-2026-6443 affects Essentialplugin plugins for WordPress. The backdoor is injected in multiple plugin versions after a malicious actor acquired the plugins, enabling the attacker to maintain persistent access and inject spam across affected sites. Specific public details include an injected ba...
CVE-2026-6443
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...
WordPress plugin Accordion and Accordion Slider 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-33416
Name of the Vulnerable Software and Affected Versions Accordion and Accordion Slider version 1.4.6 Description The plugin contains an injected backdoor resulting from a supply chain attack where the software was sold to a malicious threat actor. This allows the actor to maintain persistent access...
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors,...
Microsoft Windows Service Installation Persistence
This is a Microsoft Windows persistent service installer for creating backdoor services that automatically start payloads upon system boot. This tool is designed for authorized penetration testing and security research purposes. This variant from the author is written in PHP...
CVE-2025-9909
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management RMM software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...
Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data...