30762 matches found
MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...
MAL-2026-1092 Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 Detection Rules Detection content for CVE-20...
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-1627
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...
AZL-78497 CVE-2026-28417 affecting package vim 9.1.1616-1
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
CVE-2026-28417
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in...
k8s-container-escape-lkm
🛠️ Kernel Module Reverse Shell – Privileged Container Escape P...
Vulnerabilities affecting SICK LMS1000 and SICK MRS1000
Two vulnerabilities affect the SICK LMS1000 and SICK MRS1000 product families. The vulnerabilities allow the use of weak cryptographic configurations in the SSH service, which may enable an attacker with network access to observe, manipulate, or compromise the integrity of SSH communications. SIC...
EUVD-2026-9008
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
EUVD-2026-9009
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...
CVE-2026-1627
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-1627
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...
CVE-2026-1627
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...