44717 matches found
CVE-2026-0654
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
USN-5376-6 git regression
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...
OpenClaw OS Command Injection Vulnerability (CNVD-2026-13372)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from a keychain credential refresh shell command constructed on macOS failing to properly filter constructed command special...
TP-Link Deco BE25 安全漏洞
The TP-Link Deco BE25 is a router produced by the TP-Link company. The TP-Link Deco BE25 v1.0, 1.1.1 Build 20250822, and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of inputs in the management web interface, which may allow authenticated...
Chamilo 操作系统命令注入漏洞
Chamilo is a learning management system open source by Chamilo. Chamilo import.php file exists operating system command injection vulnerability , the vulnerability stems from /plugin/vchamilo/views/import.php POST tomaindatabase parameter fails to correctly filter constructive commands special...
OpenClaw has an unspecified vulnerability (CNVD-2026-13375)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...
[SECURITY] [DSA 6153-1] lxd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6153-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 01, 2026 https://www.debian.org/security/faq -...
Malicious code in sketch-measure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c54126529b9da791496e58ec744f6b7fe4fe769258480802eb5a3dcbc017d0d8 The package sketch-measure was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1096 Malicious code in sketch-measure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c54126529b9da791496e58ec744f6b7fe4fe769258480802eb5a3dcbc017d0d8 The package sketch-measure was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1095 Malicious code in jquery-display (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0873d8250c8747e1115c2866076509122f7e9ea8f4dde4dca4920d0f31f4874 The package jquery-display was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1092 Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
AZL-78497 CVE-2026-28417 affecting package vim 9.1.1616-1
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...
Exploit for CVE-2026-28515
openDCIM - SQLi to RCE via Config Poisoning Remote code execu...
USN-5376-5 git regression
USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
USN-5376-5: Git regression
USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
MAL-2026-1060 Malicious code in @zinley/orion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb5209e6394eac2659ab3101809c2a59bf59a604346075a9d923de21d982812e The package @zinley/orion was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1061 Malicious code in newman-reporter-genuinepoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c199e603c75858879d1b49354696a66128d31c3160e22c6c2b105e146235fd The package newman-reporter-genuinepoc was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in newman-reporter-genuinepoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c199e603c75858879d1b49354696a66128d31c3160e22c6c2b105e146235fd The package newman-reporter-genuinepoc was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-24695
Summary: CVE-2026-24695 affects XWEB Pro (pre-1.12.1). An authenticated attacker can trigger an OS command injection to achieve remote code execution by injecting malicious input into OpenSSL argument fields in requests to the utility route. Impact is described as remote code execution with high ...