22 matches found
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL (Simple Authentication and Security Layer) initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service (DoS) for...
RHEL 9 : dovecot (RHSA-2026:17625)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17625 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
EUVD-2026-25970
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
EUVD-2013-4027
Malware in sbrugna...
EUVD-2024-19466
Malicious code in bioql PyPI...
CVE-2025-35004
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument...
CVE-2025-35010
The CVE-2025-35010 entry concerns Microhard BulletLTE-NA2 and IPn4Gii-NA2 gateway devices. A post-authentication command injection flaw in the AT+MNPINGTM command, caused by improper neutralization of argument delimiters (CWE-88), can lead to privilege escalation. Documents confirm affected compo...
CVE-2020-27220
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configure...
CVE-2025-30137
An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...
CVE-2024-21855
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-48825
Tenda AC7 v.15.03.06.44 ateifconfigset has pre-authentication command injection allowing remote attackers to execute arbitrary code...
CVE-2023-32223
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method...
CVE-2022-37902
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using differe...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688EXP: Auto trigger payload...
CVE-2019-15715
MantisBT (web-based defect tracker) prior to versions 1.3.20 and 2.22.1 is affected by CVE-2019-15715, a Post Authentication Command Injection that leads to Remote Code Execution. The vulnerability requires authentication and can result in high-severity impact (CVE indicates remote code execution...
Remote Code Execution (RCE)
memcached is vulnerable to an integer overflow. Attackers could send a specially crafted authentication command of the Memcached binary protocol, which may cause a heap overflow and lead to remote code execution...
Imperva SecureSphere 13 - Remote Command Execution
Title: Imperva SecureSphere 13 - Remote Command Execution. Author: rsp3ar. Date: 2018-10-08. Vendor: https://www.imperva.com/products/securesphere/. CVE: N/A. Version: 13.0.10, 13.1.10, 13.2.10. Tested on: SecureSphere Virtual Appliance. Description: PWS...
TP-Link TL-WR841N v13 Authentication Command Injection Vulnerability
The TP-Link TL-WR841N v13 is a wireless router device. An authentication command injection vulnerability exists in the TP-Link TL-WR841N v13 ping and traceroute functions. An authenticated attacker can execute arbitrary commands on the router by sending specific CREST HTTP requests to the router...