656 matches found

OSV
added 2026/01/28 7:42 a.m., 6 views

MAL-2026-562 Malicious code in tabullates (PyPI)

Source: kam193 499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score: 6.1
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/01/27 6:26 p.m., 12 views

Malicious code in tabletas (PyPI)

Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score: 6.1
Exploits: 0, References: 3

OSV
added 2026/01/23 1:57 p.m., 4 views

MAL-2026-492 Malicious code in tableates (PyPI)

Source: kam193 c69d9a3e244227f4e4146b60829ead907656c47989b3b83e1e5f56a2c06064ff Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score: 6
Exploits: 0, References: 3

NVD
added 2026/01/21 6:16 p.m., 5 views

CVE-2021-47770

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network...

CVSS: 8.8, EPSS: 0.00634
Exploits: 0, References: 4

CVE
added 2026/01/16 7:09 p.m., 12 views

CVE-2021-47836

Markdown Explorer 0.1.1 is affected by a persistent cross-site scripting (XSS) vulnerability that allows attackers to upload Markdown files with embedded JavaScript to execute remote commands and potentially gain system access. Root cause is XSS via file uploads/editor inputs. Public exploits are...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00311
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/16 7:09 p.m., 3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00311
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/01/16 7:09 p.m., 3 views

CVE-2021-47836 Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00311
Exploits: 0, References: 4

NVD
added 2026/01/15 5:16 p.m., 3 views

CVE-2025-62193

Sites running NOAA PMEL Live Access Server LAS are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...

CVSS: 9.8, EPSS: 0.01199
Exploits: 0, References: 7

ATTACKERKB
added 2026/01/15 3:52 p.m., 2 views

CVE-2021-47819

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00381
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/01/09 11:28 a.m., 9 views

CVE-2021-33963

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/macaddrclone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

CVSS: 10, AI score: 7.8, EPSS: 0.03071
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/21 2:09 p.m., 12 views

Malicious code in hooktest-fin (PyPI)

Source: kam193 87e6fba5c0ac4b5359cb360a5dbf68404d0b8559bd94a9f4c33fdad09559b241 During installation, a script to execute remote commands through a Discord bot is installed, ensuring its persistence over reboots --- Category: MALICIOUS - Th...

AI score: 7.7
Exploits: 0, References: 1

OSV
added 2025/12/21 2:09 p.m., 6 views

MAL-2025-192685 Malicious code in hooktest-fin (PyPI)

Source: kam193 87e6fba5c0ac4b5359cb360a5dbf68404d0b8559bd94a9f4c33fdad09559b241 During installation, a script to execute remote commands through a Discord bot is installed, ensuring its persistence over reboots --- Category: MALICIOUS - Th...

AI score: 7.6
Exploits: 0, References: 1

EUVD
added 2025/12/12 9:31 p.m., 4 views

EUVD-2024-55351

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS: 8.8, AI score: 5.6, EPSS: 0.00366
Exploits: 0, References: 5

NVD
added 2025/12/12 8:15 p.m., 3 views

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVSS: 8.8, EPSS: 0.00366
Exploits: 0, References: 4

CVE
added 2025/12/12 3:05 p.m., 12 views

CVE-2025-36743

CVE-2025-36743 concerns the SolarEdge SE3680H inverter, where an exposed debug/test interface is reachable by unauthenticated actors. Redundant exposure could lead to disclosure of internal system information and execution of debug commands, indicating a potential impact on confidentiality, integ...

CVSS: 8.6, AI score: 6.7, EPSS: 0.00189
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/12/12 12:00 a.m., 3 views

SolarEdge SE3680H Security Vulnerability

The SolarEdge SE3680H is a high-clearance wave inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the exposure of an unauthenticated debug or test interface, which could lead to the disclosure of internal system information and the...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00189
Exploits: 0, References: 2

Positive Technologies
added 2025/12/12 12:00 a.m., 3 views

PT-2025-50972

Name of the Vulnerable Software and Affected Versions: WonderCMS version 4.3.2. Description: WonderCMS version 4.3.2 contains a cross-site scripting issue that allows attackers to inject malicious JavaScript through the module installation endpoint. An attacker can craft a specially designed XSS...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00366
Exploits: 0, References: 7

NVD
added 2025/12/11 12:16 p.m., 5 views

CVE-2025-64993

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...

CVSS: 7.2, EPSS: 0.00758
Exploits: 0, References: 1

Cvelist
added 2025/12/11 11:28 a.m., 29 views

CVE-2025-64992 Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...

CVSS: 6.8, EPSS: 0.00758
Exploits: 0, References: 1

Cvelist
added 2025/12/11 11:28 a.m., 25 views

CVE-2025-64991 Command Injection in 1E-PatchInsights-Deploy Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...

CVSS: 6.8, EPSS: 0.00758
Exploits: 0, References: 1