CVE-2026-5058 aws-mcp-server Command Injection Remote Code Execution Vulnerability

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003240 advisory. The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow...

The vulnerability of the dc_dmub_srv_cmd_run_list() function in the DRI driver for AMD graphics cards with Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the dcdmubsrvcmdrunlist function in the DRI driver for AMD graphics cards with Linux operating systems is related to the lack of checking the return value. Exploiting this vulnerability can allow an attacker to cause a service failure...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

AZL-50154 CVE-2024-31228 affecting package redis for versions less than 6.2.16-1

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

SUSE CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.BlackAngel.13 Vulnerability: Unauthenticated Remote Command Execution Description...

Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...

The vulnerability of the `netserver parse_command_list` function in the Reolink RLC-410W camera’s software allows a intruder to trigger a service failure.

The vulnerability of the netserver parsecommandlist function in the Reolink RLC-410W IP camera software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

DEBIAN-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

UBUNTU-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

CVE-2022-21796

A memory corruption vulnerability exists in the netserver parsecommandlist functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

Reolink RLC-410W 缓冲区错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A security vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the fact that the product parsecommandlist function does not properly validate the input data. An attacker could cause out-of-bounds...

Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C

Multi-threaded c2 server and reverse TCP shell client written in pure C Windows. Command list: list: list available connections. interact id: interact with client. download filename: download a file from client. upload filename: upload a file to client. background: background client. exit:...

PT-2020-6514 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to the implementation of the WEB CmdFileList function in the D-Link DAP-2020 Wi-Fi access point's firmware, which fails to neutralize special elements used in operating syste...

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can ...

Master IP CAM 01 - Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Exploit Title: Master IP CAM 01 Multiple Vulnerabilities Date: 17-01-2018 Remote: Yes Exploit Authors: Daniele Linguaglossa, Raffaele Sabato Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 Vendor: Master IP CAM Version:...

DEBIAN-CVE-2017-5577

The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service incorrect pointer dereference and OOPS via inconsistent size valu...