CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

MAL-2026-1457 Malicious code in tracking-service-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbea868891563a569959fb4cb0283257c07da112b0e854b53431157e0a12af57 The package tracking-service-config was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-1455 Malicious code in native_dep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf8cbbcc5fef314cdaa3a8b8c2d15e298a0c5f1c444084cc36a8dc36a95b7da1 The package nativedep was found to contain malicious code. Source: ghsa-malware 96b85414b77cb51face1caae1f5ab5ab4ba386fb95ba1c8594ac3ce47a6cb19d Any...

PT-2026-25504

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

Unsafe Reflection

Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Unsafe Reflection via the Referrer-Policy header handled by RefererMiddleware. An attacker can execute...

EUVD-2026-11774

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...

CVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...

Malicious code in @immuta/flag-providers-web (npm)

Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...

MAL-2026-1382 Malicious code in @immuta/flag-providers-web (npm)

Malicious package due to data exfiltration, command execution, and suspicious install scripts. Gathers system info and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041967637fd096ee4ba0091769b628c2c7da4bd4a60f38a6b4e3ba5cea9cf788 T...

Malicious code in @immuta/feature-flags-core (npm)

Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...

MAL-2026-1381 Malicious code in @immuta/feature-flags-core (npm)

Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...

MAL-2026-1383 Malicious code in @immuta/pxl-components (npm)

Malicious package due to data exfiltration, arbitrary command execution, and suspicious install scripts targeting dependency confusion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d86f67d7f931d0f720838a4bda33d56a54a5502b29ebe3e1094a984041b7a2 The package...

Malicious code in @immuta/pxl-components (npm)

Malicious package due to data exfiltration, arbitrary command execution, and suspicious install scripts targeting dependency confusion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d86f67d7f931d0f720838a4bda33d56a54a5502b29ebe3e1094a984041b7a2 The package...

Red Hat Enterprise Linux 访问控制错误漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat Corporation in the United States. Red Hat Enterprise Linux 10 contains an access control vulnerability, which stems from improper access control mechanisms and could lead to the execution of arbitrary...

EUVD-2026-11659

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the setconfig function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

CVE-2026-3841

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

CVE-2026-26791

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enableechoserver function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2026-3841

CVE-2026-3841 describes a command-injection vulnerability in the Telnet CLI of TP-Link TL-MR6400 (v5.3). The issue arises from insufficient sanitization of data during specific CLI operations. An authenticated attacker with elevated privileges can execute arbitrary system commands, potentially co...