Lucene search

44732 matches found

OSV
added 2026/02/11 6:56 a.m., 3 views

MAL-2026-849 Malicious code in jsonconfig-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 883897a307b53ac17e981eac46b8d6f8c31d88fc2628c6d57c5f7f191ed84b81 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits 0, References 1

RedhatCVE
added 2026/02/11 1:33 a.m., 3 views

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

8.8 CVSS, 6 AI score, 0.00143 EPSS
Exploits 2, References 1

CNVD
added 2026/02/11 12:0 a.m., 2 views

D-Link DIR-600 Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

7.2 CVSS, 5.9 AI score, 0.00072 EPSS
Exploits 1, References 1

ATTACKERKB
added 2026/02/11 12:0 a.m., 3 views

CVE-2024-26479

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...

5.7 AI score, 0.00102 EPSS
Exploits 1, References 5

Tenable Nessus
added 2026/02/11 12:0 a.m., 6 views

pgAdmin < 9.12 Command Execution (GHSA-3p7x-94q9-jq9x)

The version of pgAdmin installed on the remote host is prior to 9.12. It is, therefore, affected by a command execution vulnerability: - pgAdmin versions prior to 9.12 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performin...

7.4 CVSS, 5.9 AI score, 0.00028 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/11 12:0 a.m., 2 views

METIS DFS Security Vulnerability

METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...

9.8 CVSS, 6.1 AI score, 0.00302 EPSS
Exploits 1, References 2

CVE
added 2026/02/11 12:0 a.m., 7 views

CVE-2024-26479

CVE-2024-26479 affects Statping-ng v0.91.0. The issue allows an attacker to obtain sensitive information by sending a crafted request to the Command execution function. No additional technical details (e.g., affected subcomponents, root cause, or exact exploit path) are provided in the supplied d...

5.3 CVSS, 5.7 AI score, 0.00102 EPSS
Exploits 1, References 4, Affected Software 1

CNNVD
added 2026/02/11 12:0 a.m., 2 views

statping-ng Security Vulnerability

Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests to the command execution function, which may lead to the disclosure of...

5.3 CVSS, 5.9 AI score, 0.00102 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7653

Name of the Vulnerable Software and Affected Versions: Statping-ng version 0.91.0. Description: An issue exists that allows an attacker to obtain sensitive information via a crafted request to the Command execution function. The issue is present in the Command execution function. Recommendations: At...

5.3 CVSS, 5.6 AI score, 0.00102 EPSS
Exploits 1, References 7

Vulnrichment
added 2026/02/11 12:0 a.m., 4 views

CVE-2024-26479

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...

5.7 AI score, 0.00102 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7597

METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...

9.8 CVSS, 6.1 AI score, 0.00302 EPSS
Exploits 0, References 2

Cvelist
added 2026/02/11 12:0 a.m., 21 views

CVE-2024-26479

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...

0.00102 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/02/11 12:0 a.m., 3 views

PT-2026-7598

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8 CVSS, 6.1 AI score, 0.00302 EPSS
Exploits 1, References 2

OSV
added 2026/02/10 10:45 p.m., 6 views

MAL-2026-847 Malicious code in requests-auth-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 03bb4c04410c4e3c58d7292eb47f8f76a2fbe5265abea29826ac910e890350d0 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits 0, References 1

OSV
added 2026/02/10 5:16 p.m., 4 views

MAL-2026-839 Malicious code in search-newfrontier-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6e41804eeb58691ca7b68763c0db9e48636ffeb9d7020d95bbc9d9e9aec6e76 The package search-newfrontier-podlet was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits 0

NVD
added 2026/02/10 4:16 p.m., 2 views

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

9.6 CVSS, 0.00309 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/02/10 3:39 p.m., 4 views

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

8.8 CVSS, 5.7 AI score, 0.00309 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/10 3:39 p.m., 18 views

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

8.8 CVSS, 0.00309 EPSS
Exploits 0, References 1

CVE
added 2026/02/10 3:39 p.m., 11 views

CVE-2025-52436

Fortinet FortiSandbox contains an input handling flaw (CWE-79) that permits an unauthenticated attacker to execute commands via crafted requests, across FortiSandbox 4.0–4.7.x and 5.0.0–5.0.1. The description notes Cross-site Scripting as the underlying issue and lists impacted versions; no remed...

9.6 CVSS, 5.7 AI score, 0.00309 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2026/02/10 7:42 a.m., 5 views

MAL-2026-825 Malicious code in devtools-webhook-cicd-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 807557cb6ac51aece00eeb28f55b89815176c95172780dcdded46b667f843771 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

5.9 AI score
Exploits 0, References 1