44778 matches found
CVE-2021-47949
CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...
CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...
CVE-2021-47943
TextPattern CMS 4.8.7 is affected by a remote code execution (RCE) vulnerability exploitable via file upload. The flaw allows authenticated attackers to upload PHP files (a PHP shell) through the Files section in the content area and trigger code execution by accessing the uploaded file at /textp...
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
MAL-2026-3420 Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3409 Malicious code in mw-filesystem-events-nodream (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3da27e815b33bf88dc4fb31bc8b5558501b65ded9de77aab08e7ae785c2c38b The package mw-filesystem-events-nodream was found to contain malicious code. Source: ossf-package-analysis...
Canias ERP Command Injection Vulnerability
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a command injection vulnerability. This vulnerability stems from the operation of the...
Malicious code in apple-mycelium-fix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e69a2534c8bb0842243808b87451a399a8fc121ee56e755a33627f21035f8e33 The package apple-mycelium-fix was found to contain malicious code. Source: ghsa-malware...
CVE-2026-3828
Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...
CVE-2026-3828
The CVE affects some Hikvision switch products (discontinued since December 2023) and is caused by insufficient input validation enabling authenticated remote command execution. With valid credentials, an attacker can send crafted packets containing malicious commands to affected devices, resulti...
EUVD-2026-28908
Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...
SUSE CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
tgpt Injection Vulnerability
tgpt is a cross-platform command line AI tool by Andrew Personal Developer. An injection vulnerability exists in tgpt 2.11.1 and earlier versions on Linux/macOS, which stems from the function helper.Update in the file helper.go in the component Update Handler, and could lead to command injection...
PT-2026-39325
Name of the Vulnerable Software and Affected Versions: Hikvision switch products (affected versions not specified). Description: Certain Hikvision switch products, discontinued since December 2023, contain a flaw allowing authenticated remote command execution. This issue stems from insufficient input...
MAL-2026-3421 Malicious code in oneblk-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb The package oneblk-design-system was found to contain malicious code. Source: ossf-package-analysis...
Arbitrary Argument Injection
Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the openFileWithEditor process. An attacker can execute arbitrary commands on the user's system by crafting a malicious filename...
Malicious code in money-badger-open-rpc-test-bugbount (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35c3ecacb08f3cfb0b165eadaafd3a0d6acfffc34898a6149370c8cc9ba3843e The package money-badger-open-rpc-test-bugbount was found to contain malicious code. Source: ossf-package-analysis...