
44800 matches found

OSV, added 2026/01/10 10:0 a.m., 4 views

MAL-2026-200 Malicious code in wac-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...

AI score: 7
Exploits: 0, References: 1

OSV, added 2026/01/10 8:14 a.m., 2 views

MAL-2026-188 Malicious code in shopping-cart-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a35497d79077eb5f8f79659d420f79568f9fcf905b9ab2f2cceb043eb6eba574 The package shopping-cart-service was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

Positive Technologies, added 2026/01/10 12:0 a.m., 4 views

PT-2026-2221

Name of the Vulnerable Software and Affected Versions: OpenProject versions 16.6.1 and below. Description: OpenProject is a web-based project management software. A registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. The issue...

CVSS: 8.6, AI score: 7.5, EPSS: 0.00054
Exploits: 0, References: 11

NVD, added 2026/01/09 5:15 p.m., 3 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS: 10, EPSS: 0.00034
Exploits: 0, References: 2

NVD, added 2026/01/09 4:16 p.m., 4 views

CVE-2025-46644

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization...

CVSS: 6.7, EPSS: 0.00007
Exploits: 0, References: 1

Vulnrichment, added 2026/01/09 4:14 p.m., 4 views

CVE-2025-46645

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00022
Exploits: 0, References: 1

CVE, added 2026/01/09 4:14 p.m., 8 views

CVE-2025-46645

Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection due to improper neutralization of special elements. A high-privilege attacker with remote access could execute commands, potentially impacting confidentiality, integrity, and availability as described. Affected releases ...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00022
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment, added 2026/01/09 4:14 p.m., 12 views

CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS: 10, AI score: 7.7, EPSS: 0.00034
Exploits: 0, References: 2

CVE, added 2026/01/09 3:31 p.m., 8 views

CVE-2025-46644

Dell PowerProtect Data Domain (DD OS) affected ranges: Feature Release 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, LTS2023 7.10.1.0–7.10.1.70. Description: OS Command Injection vulnerability due to improper neutralization of special elements in commands. Impact: a highly privil...

CVSS: 6.7, AI score: 6.1, EPSS: 0.00007
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment, added 2026/01/09 3:31 p.m., 3 views

CVE-2025-46644

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization...

CVSS: 6, AI score: 6.1, EPSS: 0.00007
Exploits: 0, References: 1

RedhatCVE, added 2026/01/09 12:51 p.m., 9 views

CVE-2014-4307

SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter...

CVSS: 7.5, AI score: 8.8, EPSS: 0.00706
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 12:42 p.m., 5 views

CVE-2023-25759

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...

CVSS: 5.4, AI score: 7.2, EPSS: 0.01665
Exploits: 0, References: 1

RedhatCVE, added 2026/01/09 12:40 p.m., 6 views

CVE-2023-43206

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function webcertdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter...

CVSS: 9.8, AI score: 8.7, EPSS: 0.01608
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 12:38 p.m., 7 views

CVE-2023-29839

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00518
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 12:38 p.m., 4 views

CVE-2023-29721

SofaWiki = 3.8.9 has a file upload vulnerability that leads to command execution...

CVSS: 9.8, AI score: 7, EPSS: 0.01372
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 12:38 p.m., 4 views

CVE-2023-50917

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager...

CVSS: 9.8, AI score: 7, EPSS: 0.92637
Exploits: 6, References: 1

RedhatCVE, added 2026/01/09 12:37 p.m., 9 views

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00098
Exploits: 0, References: 1

RedhatCVE, added 2026/01/09 12:37 p.m., 5 views

CVE-2023-50011

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field...

CVSS: 7.2, AI score: 7.2, EPSS: 0.03303
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 12:36 p.m., 4 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01896
Exploits: 0, References: 1

RedhatCVE, added 2026/01/09 12:36 p.m., 2 views

CVE-2023-49409

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00145
Exploits: 1, References: 1