273559 matches found
CVE-2026-13545
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
Exploit for OS Command Injection in Devcode Openstamanager
No d...
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, an...
CVE-2026-13545 D-Link DCS-935L POST Parameter setconf.cgi sub_400E40 os command injection
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2026-13545
A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub400E40 of the file setconf.cgi of the component POST Parameter Handler. Such manipulation of the argument UID leads to os command injection. The attack can be launched remotely. The exploit has been disclosed ...
CVE-2026-13538
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
Malicious code in checkmarx-claude-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cbdcac8329a6ad9662ef7af8e0f68cd616f5451dc0a1fce9d2bcab5a7943c8a Package name and description impersonate the Checkmarx security vendor checkmarx-claude-cache, "Checkmarx caching setup for Claude Fable access" but...
MAL-2026-6576 Malicious code in checkmarx-claude-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cbdcac8329a6ad9662ef7af8e0f68cd616f5451dc0a1fce9d2bcab5a7943c8a Package name and description impersonate the Checkmarx security vendor checkmarx-claude-cache, "Checkmarx caching setup for Claude Fable access" but...
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...
Malicious code in int_sezzle_sfra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16242285e7dabb5a109f61e97ab52c05ad80ea9b8f326a706c3228268536e80d package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host reconnaissance from the installer...
MAL-2026-6577 Malicious code in int_sezzle_sfra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16242285e7dabb5a109f61e97ab52c05ad80ea9b8f326a706c3228268536e80d package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host reconnaissance from the installer...
CVE-2026-13538 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
CVE-2026-13538
The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...
CVE-2026-13538
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
EUVD-2026-40036
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.320 Vulnerability Details CVEID:CVE-2026-42009 DESCRIPTION: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Securit...
aysec-cheatsheets
AYSEC Security Cheatsheets A free, practical collection of...
PT-2026-53208
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1 V240425. The affected element is the function sub 401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...