Malicious code in request-httpx-4 (PyPI)
Source: kam193 b0c661d240f626319e5ff1e52562ca1d4a8a6c741126a91e4d46a9ed639cfc0d. The package contains a running Telegram bot that allows remote access. This functionality is disclosed in the readme, but the package name clearly indicates...
Telesquare TLR-2005KSH Remote Command Execution
Telesquare TLR-2005KSH proof of concept remote command execution exploit. Title: Telesquare TLR-2005KSH - Remote Command Execution vulnerability...
CVE-2026-20761
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-20761 EnOcean SmartServer IoT Command Injection
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
MAL-2026-951 Malicious code in printrables (PyPI)
Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed. Packages contain hidden code that is effectively run when importing or using the library, and that downloads second-stage code. Then, a process running in...
F5 iControl REST - Remote Command Execution
F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...
Smanga Security Vulnerability
Smanga is a Docker-based comic streaming reading tool developed by lkw199711. Version 3.2.7 of Smanga has a security vulnerability. This vulnerability stems from improper handling of the mediaId parameter in the /php/path/rescan.php interface. It could allow unverified attackers to inject operati...
Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit. Title: Serendipity 2.5.0 PHP Code Injection Vulnerability. Author: indoushka ...
CVE-2026-27182
The CVE describes a local, unauthenticated command injection in Saturn Remote Mouse Server. An attacker on the same local network can send specially crafted UDP JSON frames to port 27000, where the service forwards unsanitized command data to OS execution functions, resulting in remote code execu...
CVE-2025-65753
An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root...
Redash 25.8.0 Password Hash Extraction
This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...
GO-2026-4448 Gogs's update .git/config file allows remote command execution in gogs.io/gogs
Gogs's update .git/config file allows remote command execution in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files,...
PT-2026-20301
Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions prior to 10.5.6.12. Description: Dell SmartFabric OS10 Software is affected by an issue related to improper neutralization of special elements used in a command, potentially leading to command execution. A...
VulnCheck KEV: CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2026-2527
A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
Malicious code in dns-execution-test (PyPI)
Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7. Installing the package starts a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-910 Malicious code in dns-execution-test (PyPI)
Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7. Installing the package starts a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for CVE-2025-40552
CVE-2025-40552 and CVE-2025-40553 SolarWinds Web Help Desk Pre...