22 matches found
PT-2026-26039
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...
Security Bulletin: Multiple Vulnerabilities in IBM Operator for Apache Flink
Summary: Multiple vulnerabilities were addressed in IBM Operator for Apache Flink version 1.4.5. Vulnerability Details: CVEID: CVE-2021-39194. DESCRIPTION: kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide...
EUVD-2021-34730
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2025-64057
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts...
Malicious code in poglymer-oggh-aghgian (npm)
Source: amazon-inspector 4b88fcc22fbebc31741497dfdc21ec6680c3ffd164f8562bf1eca7e5a0910370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152651 Malicious code in andriani-poke18 (npm)
Source: amazon-inspector b719995963b7e84e28a17bbea93ff0f091944fbcf3109cfd58ad0f66417a4b1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-52 (npm)
Source: amazon-inspector e4ca453f39778c55d686e2432b95dffbd18b4861324625b6f1636b0bbfc463d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-168122 Malicious code in tealove-boy17 (npm)
Source: amazon-inspector c1953f026f62b1555c32d395a28bef9d55cb678826a69ac9a34cbe228a8b33b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-90261 Malicious code in rudi-keripik34-miaww (npm)
Source: amazon-inspector 8e069ead143614798c44ef051fc1fc0ebf53c7746c9e757f30ea13ac357318e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-69539 Malicious code in national-brown-chickadee (npm)
Source: amazon-inspector 4b1204eba7cafa0e4a5fba8172b6d99e52a6665814665456d648b7f9cf723361 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-56894 Malicious code in irma-papeda48-sukiwir (npm)
Source: amazon-inspector af80ca83ef561170bbeedfb871cfb30630acfb417b2d7564f0675f4cf35fc0f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54643 Malicious code in rifqi-rangi49-ruro (npm)
Source: amazon-inspector ecbdd495ce185b15a6890a48e0736ecc6dbc3977f6c50b246906f56d1616b6e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-53036 Malicious code in joko-takokak71-pore (npm)
Source: amazon-inspector 5242f4bad2527fcdd593e09e1516143c385b4b8f7b5ac369f9a4f4a1093800de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2024-20414
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...
CVE-2024-41720
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...
Zexeron ZWX-2000CSW2-HN Security Vulnerability
The Zexeron ZWX-2000CSW2-HN is a high-speed coaxial modem from Zexeron Japan. A security vulnerability exists in the Zexeron ZWX-2000CSW2-HN prior to version 0.3.15. It stems from incorrect permission assignment for a critical resource, which could allow a network-adjacent...
Design/Logic Flaw
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...
VulnCheck KEV: CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
CVE-2021-3616
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651...