45048 matches found
Malicious code in currenttimerlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3229 Malicious code in currenttimerlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
Arbitrary Command Injection
Overview yii2-mcp-server is a MCP Server for Yii2 Framework - Database schema inspection, command execution, and project management Affected versions of this package are vulnerable to Arbitrary Command Injection via the yiicommandhelp or yiiexecutecommand functions in the MCP Interface. An attack...
MAL-2026-3226 Malicious code in timesmcp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85630b024b2eb06c5002dd3ac72fa8bf4733f08d34de10bf0eca0851bf2d9f86 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
CVE-2026-7600
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
RLSA-2026:11389 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
MAL-2026-3311 Malicious code in path-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1a7df799b6bd11bd036f1cfb1de6b1dfe0e4e72082be1b8a60537a59e5ae58 path-addon impersonates the Node.js core path module package name path-addon, README claims to be 'an exact copy of the NodeJS path module'. The body...
EUVD-2026-26701
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...
PT-2026-36852
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...
CVE-2026-6543
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551
The CVE describes a remote code execution vulnerability in HKUDS OpenHarness exposed via the /bridge command. An attacker-enabled /bridge spawn command can forward attacker-controlled text to the bridge session manager and execute commands through the shared shell subprocess helper, allowing shel...
EUVD-2026-26448
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...
CVE-2026-7461
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
CVE-2026-7461
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
RLSA-2026:11509 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
vim security update
An update is available for vim. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...
Important: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...