Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2026-5287 Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

Kernel-Exploit-Dojo-127

Kernel-Exploit-Dojo-127 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-243

Kernel-Exploit-Dojo-243 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-239

Kernel-Exploit-Dojo-239 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-255

Kernel-Exploit-Dojo-255 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-866

Kernel-Exploit-Dojo-866 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-283

Kernel-Exploit-Dojo-283 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-962

Kernel-Exploit-Dojo-962 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-822

Kernel-Exploit-Dojo-822 CTF kernel exploitation notes, PoCs,...

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVE-2026-8106

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...