Siklu EtherHaul Series EH-8010 - Remote Command Execution

Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 - Andrew James Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon Software Link: ftp://ftp.bubakov.net/siklu/ Version: EH-8010 and...

Malicious code in uitil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0b75197d8e7cd361d61461260811fba8920c54b8538cb5f21ec2fc1c885ec3 The package implements an undocumented way to execute code hidden in image files, and a function that searches for images in the current directory and attempts...

Missing Authentication for Critical Function

Overview @mcpjam/inspector is a MCPJam Inspector Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect route in the HTTP API. An attacker can execute arbitrary commands on the host system by sending a crafted HTTP request containing...

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

CVE-2026-23523 Dive allows One-click Remote Code Execution through Deep Links for MCP Install

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

EUVD-2026-3125

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

CVE-2026-23523

Dive (MCP Host Desktop Application) prior to version 0.13.0 is affected. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation, leading to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0...

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-60021

Apache bRPC CVE-2025-60021 is a remote command injection in the heap profiler built-in service (/pprof/heap) affecting all versions

MiracleLinux 7 : rh-mysql56-mysql-5.6.37-5.el7 (AXSA:2017-2301:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2301:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...

PT-2026-3261

Name of the Vulnerable Software and Affected Versions Dive versions prior to 0.13.0 Description Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user...

Hanwha Vision Camera Improper Input Validation (CVE-2025-52600)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the...

MiracleLinux 7 : vim-7.4.160-6.el7 (AXSA:2019-3915:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3915:02 advisory. vim/neovim: ':source!' command allows arbitrary command execution via modelines CVE-2019-12735 Tenable has extracted the preceding description block directly...

MiracleLinux 4 : sudo-1.8.6p3-29.AXS4 (AXSA:2017-1709:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1709:03 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

MiracleLinux 4 : rh-mysql56-mysql-5.6.37-5.AXS4 (AXSA:2017-2302:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2302:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...

MiracleLinux 4 : patch-2.6-8.AXS4 (AXSA:2018-2973:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2973:01 advisory. patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 Tenable has extracted the preceding description block directly from the...

Dive code injection vulnerability

Dive is a desktop application for MCP hosts, open-sourced by OpenAgentPlatform. Versions of Dive prior to 0.13.0 contained a code injection vulnerability. This vulnerability stemmed from specially crafted deep links that allowed the installation of MCP server configurations controlled by attacker...

MiracleLinux 7 : sudo-1.8.6p7-23.el7 (AXSA:2017-1708:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1708:02 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...