MAL-2026-5875 Malicious code in myfirstpackagetestaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

Malicious code in aaaazzzzaz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

MAL-2026-5874 Malicious code in aaaazzzzaz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

CVE-2026-5416 Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

WordPress Premmerce Dev Tools plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Remote Code Execution vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Premmerce Dev Tools versions = 2.0...

wireshark: Heap-based Buffer Overflow in Wireshark

A flaw was found in the RDP protocol dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a heap-based buffer overflow, resulting in a denial of service or potentially in code execution...

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks = 1.9.6 is vulnerable to unauthenticated remote code execution RCE which means that anybod...

Barco/AWIND OEM Presentation Platform - Remote Command Injection

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

Adobe ColdFusion - Pre-Auth Remote Code Execution

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...

Sophos Web Appliance - Remote Code Execution

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. id: CVE-2023-1671 info: name: Sophos Web Appliance - Remote Code Execution author: Co5mos severity: critical description: | A pre-auth...

PHP CGI v5.3.12/5.4.2 Remote Code Execution

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to 1 CFIDE/administrator/settings/mappings.cfm, 2 logging/settings.cfm, 3 datasources/index.cfm, 4...

CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution

CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...