2096 matches found
MAL-2026-452 Malicious code in @brl-laiwb/ng-laiwb-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0a2d2559068acafc26534b55d4bf70fc9abcb26da8ff214a2357dee2596265 The package @brl-laiwb/ng-laiwb-api was found to contain malicious code. Source: ghsa-malware...
MAL-2026-379 Malicious code in @joaoxxx/internallib-v325 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f9c573db1b523cb0082a05f37710f4084f5ed28324fbe23186a7ebf9a0a082d The package @joaoxxx/internallib-v325 was found to contain malicious code. Source: ghsa-malware...
Yodinfo Mini Mouse path traversal vulnerability
Yodinfo Mini Mouse is a mobile remote control application developed by Yodinfo in China. The version 9.2.0 of Yodinfo Mini Mouse contains a path traversal vulnerability. This vulnerability arises due to specially crafted HTTP requests that allow for path traversal, potentially leading to access t...
MiracleLinux 9 : unbound-1.16.2-3.el9_3.5 (AXSA:2024-7682:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7682:03 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...
Malicious code in marshel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
MAL-2026-325 Malicious code in marshel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b25f97e5a657b33bb26f2ccdfbdb55e459274a4cb3e19e38d3f04ba6ea3583 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CLSA-2026-1768395381 unbound: Fix of CVE-2024-1488
Fix CVE-2024-1488: improper access control for remote control interface Previous defaults allowed any process to change unbound settings...
Malicious code in formater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 71f6a751b5ff98dceeee5863086a2d9988640b93d96ccef9d50fb0d0d1dd116c During importing the package automatically downloads a script that uses a Telegram bot to perform remote control over the computer --- Category: MALICIOUS - Th...
MAL-2026-237 Malicious code in formater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 71f6a751b5ff98dceeee5863086a2d9988640b93d96ccef9d50fb0d0d1dd116c During importing the package automatically downloads a script that uses a Telegram bot to perform remote control over the computer --- Category: MALICIOUS - Th...
Malicious code in graponater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9bbd986bf5883f6b5b40a7061c514b13f71a27c021471595671d060b260affc3 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...
CVE-2021-27943
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...
CVE-2021-31217
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...
CVE-2020-10612
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting ...
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization SEO poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National...
CVE-2022-27250
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data...
CVE-2019-12505
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In...
CVE-2019-12762
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch...