43 matches found
CVE-2026-48708
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...
Malicious code in @entos-ems/xerxes-client-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5632d30e60b3bb5fc5d731458a7c2972bd356c3ec1a9e8064df135359ee4ec7b On npm install, package.json's preinstall: node index.js hook fires automatically and runs a reconnaissance beacon. index.js collects host identifier...
CVE-2026-5059
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...
CLSA-2026-1772103023 Fix CVE(s): CVE-2025-15367
SECURITY UPDATE: newline-based command injection in user-controlled commands - debian/patches/CVE-2025-15367.patch: Reject control characters in protocol commands; prevent acceptance and processing of control characters as cause of malformed commands. - CVE-2025-15367...
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support RS and Privileged Remote Access PRA products to conduct a wide range of malicious actions, including deploying VShell and Spark RAT. The vulnerability, tracked as...
CVE-2018-14993
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of...
CVE-2025-53710 Network boundaries not respected in certain Foundry namespaces.
Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed...
SUSE CVE-2025-40106
In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...
EUVD-2001-0421
Malware in sbrugna...
EUVD-2002-1701
Malware in sbrugna...
EUVD-2006-1782
Malware in sbrugna...
EUVD-2015-7417
Malware in sbrugna...
EUVD-2017-17327
Malware in sbrugna...
EUVD-2020-24500
Malware in sbrugna...
EUVD-2001-0576
Malware in sbrugna...
EUVD-2019-6348
Malware in sbrugna...
EUVD-2023-26885
Malicious code in bioql PyPI...
EUVD-2021-7010
Malicious code in bioql PyPI...
Flexbyte Solar FTP Server 安全漏洞
Flexbyte Solar FTP Server is an FTP service from Flexbyte, Inc. A security vulnerability exists in Flexbyte Solar FTP Server that stems from improper handling of format strings when processing USER commands, which could lead to a denial of service...
CVE-2020-11131
u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM925...