Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

Exploit for Improper Authentication in Adguard Adguardhome

CVE-2026-32136exploit - AdGuard Home h2c Upgrade Auth Bypass...

CVE-2025-31981 HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

CVE-2025-31981

HCL BigFix Service Management SM Discovery is vulnerable to unenforced encryption due to port 80 HTTP being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data...

CVE-2025-31981

HCL BigFix Service Management (SM) Discovery is affected by unenforced encryption caused by HTTP port 80 being open. An attacker with network access can sniff unencrypted traffic, potentially exposing data (Confidentiality impact: LOW per CVSS). The provided documents do not specify a remediation...

CVE-2026-33472 Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...

CVE-2026-2491

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2026-2491 Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2026-2491

CVE-2026-2491 : Socomec DIRIS A-40 HTTP API Authentication Bypass. The web API (default port 80) lacks authentication, enabling network-adjacent attackers to bypass auth and access functionality on affected DIRIS A-40 power monitoring devices. Root cause is missing authentication prior to exposin...

CVE-2026-2491 Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP po...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002928)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002928 advisory. The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002747 advisory. The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic...

VulnCheck KEV: CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

CVE-2025-10150

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

CVE-2025-10150

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

CVE-2025-10150 Webserver crash caused by scanning on TCP port 80

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

CVE-2025-10150 Webserver crash caused by scanning on TCP port 80

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

EUVD-2025-36438

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

EUVD-2025-29046

Malicious code in bioql PyPI...