CVE-2026-5353

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

CVE-2021-33016

An attacker can gain full access read/write/delete to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...

EUVD-2021-19735

Malware in sbrugna...

EUVD-2021-19737

Malware in sbrugna...

CVE-2024-30568

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...

CVE-2021-33014

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...

MAL-2025-2866 Malicious code in clay-c4 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in clay-c4 (npm)

--- -= Per source details. Do not edit below this line.=-...

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming...

NETGEAR R6850 c4-IPAddr Parameter Command Injection Vulnerability

The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the c4-IPAddr parameter failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit this vulnerability to cause...

CVE-2024-30568

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...

CVE-2024-30568

Netgear R6850 router, firmware v1.1.0.88, is affected by a command injection vulnerability in the ping_test function triggered via the c4_IPAddr parameter. The issue arises because input is not properly validated/filtered, allowing an unauthenticated attacker to inject arbitrary system commands, ...

CVE-2024-30568

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...

br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-sdk-authentication (>=3.0.6.4 <=3.1.1.3) +314 more potentially affected by CVE-2023-34035 via org.springframework.security:spring-security-config (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-config MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =6.1.11, =7.0.0, =7.0.0, =6.1.11, =6.1.11, =6.2.0 and more Source cves: CVE-2023-34035 Source advisory: OSV:GHSA-4VPR-XFRP-CJ64...

Inexistent Prevention of Duplicates

Lines of code Vulnerability details Impact The CollateralConfig::initialize function which instantiates the contract's state does not prevent duplicate collateral entries from being specified which can occur undetected. If the system is setup with duplicate collateral entries, the Ethos Core...

Wrongly implemented modifier allow everybody to mint Rabbit Hole tickets.

Lines of code Vulnerability details Impact As specified on RabbitHole C4 contest page, RabbitHoleTickets smart contract 'is an 1155 reward contract used by the RabbitHole team.' Meaning that the assets managed by this smart contract have value. Moreover this contract implements ERC-2981: NFT...

Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot...

_claim function vulnerable to cross-chain-replay attacks

Lines of code Vulnerability details If there's a fork, since anyone can call claim, an attacker can monitor the blockchain for calls to claim, and then make the same call with the same arguments on the other chain. Proof of Concept There are no EIP-712 protections in the encoding: bytes32 leafHas...

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated wit...

CVE-2021-33014

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...