CVE-2026-5058 aws-mcp-server Command Injection Remote Code Execution Vulnerability

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003240 advisory. The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

AZL-50154 CVE-2024-31228 affecting package redis for versions less than 6.2.16-1

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

SUSE CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.BlackAngel.13 Vulnerability: Unauthenticated Remote Command Execution Description...

Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...

DEBIAN-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

UBUNTU-CVE-2023-41000

GPAC through 2.2.1 has a use-after-free vulnerability in the function gfbifsflushcommandlist in bifs/memorydecoder.c...

CVE-2022-21796

A memory corruption vulnerability exists in the netserver parsecommandlist functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

Reolink RLC-410W 缓冲区错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A security vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the fact that the product parsecommandlist function does not properly validate the input data. An attacker could cause out-of-bounds...

Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C

Multi-threaded c2 server and reverse TCP shell client written in pure C Windows. Command list: list: list available connections. interact id: interact with client. download filename: download a file from client. upload filename: upload a file to client. background: background client. exit:...

PT-2020-6514 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to the implementation of the WEB CmdFileList function in the D-Link DAP-2020 Wi-Fi access point's firmware, which fails to neutralize special elements used in operating syste...

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can ...

Master IP CAM 01 - Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Exploit Title: Master IP CAM 01 Multiple Vulnerabilities Date: 17-01-2018 Remote: Yes Exploit Authors: Daniele Linguaglossa, Raffaele Sabato Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 Vendor: Master IP CAM Version:...

DEBIAN-CVE-2017-5577

The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service incorrect pointer dereference and OOPS via inconsistent size valu...

UBUNTU-CVE-2017-5577

The vc4getbcl function in drivers/gpu/drm/vc4/vc4gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service incorrect pointer dereference and OOPS via inconsistent size valu...

DEBIAN-CVE-2016-2197

QEMU aka Quick Emulator built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure FIS and Command List Block CLB entries. A privileged user inside guest could use this flaw to crash the QEMU process instanc...