CVE-2026-1627

The CVE concerns the SSH service on a device using outdated/weak MAC algorithms, which can undermine the integrity of an SSH session. The underlying issue is the use of weak MACs during authenticated network traffic, enabling a potentially attacker-controlled manipulation of transmitted data if t...

CVE-2026-1626

Technical details about CVE-2026-1626 are not publicly provided in the supplied documents. No specifics on affected products, versions, root cause, or remediation are included. Monitor for updates from official sources.

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...

CVE-2026-27635

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

PT-2026-22416

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0073 Description Vim is a command line text editor. A flaw exists in the netrw standard plugin bundled with Vim. An attacker can potentially execute arbitrary shell commands with the privileges of the Vim process by...

PT-2026-22321

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic...

SICK LMS1000和SICK MRS1000 安全漏洞

SICK LMS1000 and SICK MRS1000 are products from the German company SICK. SICK LMS1000 is a lidar sensor. SICK MRS1000 is a 3D lidar sensor. Both SICK LMS1000 and SICK MRS1000 have security vulnerabilities. These vulnerabilities stem from the use of CBC-based weak password suites in the device’s S...

📄 ZAI-Shell P2P Command Injection

This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol default port 5757 and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...

Vim 安全漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0073 contained security vulnerabilities. These vulnerabilities stemmed from the netrw plugin, which had a vulnerability related to operating system command injection. This could allow...

Devolutions PowerShell Universal 安全漏洞

Devolutions PowerShell Universal is a comprehensive PowerShell platform developed by the Canadian company Devolutions. Versions of Devolutions PowerShell Universal prior to 2026.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the storage of OIDC client keys in plaintext...

CLSA-2026-1772146735 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

Malicious Package

Overview clawdist is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

Malicious Package

Overview clawdest is a malicious package. that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

Docker Desktop < 4.43.0 Information Disclosure

The version of Docker Desktop is prior to 4.43.0. It is therefore affected by an information disclosure vulnerability. - System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information...

PT-2026-44418

Name of the Vulnerable Software and Affected Versions Archer C64 v1 Description Improper enforcement of authentication rate-limiting on a debug SSH service allows unlimited authentication attempts. Because the SSH service uses the same credentials as the web interface, an attacker with adjacent...

EUVD-2026-8766

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...

CVE-2026-27635

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...