43052 matches found
MAL-2026-3123 Malicious code in apple-app-store-server-library-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pyme-web/web-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e52ac4b8d97b81cff5824f4ddc38897183df4e20ecd3f1e7df62e8f6645f236a The package @pyme-web/web-api was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-25865
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...
CVE-2026-41462
ProjeQtor is affected by an unauthenticated SQL injection in the login functionality for versions 7.0–12.4.3, where the login input is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL via the username field at the authentication e...
Malicious code in @activation_code/success (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00bacff8cfa3ae8a22cfb51c4be0ad025ce42bc29929c07a7eaad6be36c702c The package @activationcode/success was found to contain malicious code. Source: ghsa-malware...
Malicious code in @business_promocode/cancel_promocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 002798d60b98859a68bc9daf0ebaf7794b8d83973b69fb4c8bfe9979f685e51d The package @businesspromocode/cancelpromocode was found to contain malicious code. Source: ghsa-malware...
Malicious code in @business_promocode/apply_promocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5adac459fd1c8fca06e818942c9a98e6f798828163fadd996266ae7660132ae7 The package @businesspromocode/applypromocode was found to contain malicious code. Source: ghsa-malware...
Malicious code in @apple-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9abd2d210c4a5df0e95f326e80b2e6618647c03ba4158e1d6ffbd36d9f7b800a The package @apple-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
Malicious code in @apiary-annex/title (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...
CVE-2026-7124 Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack ca...
CVE-2026-7123
CVE-2026-7123 affects Totolink A8000RU (firmware 7.1cu.643_b20200521) CGI Handler, specifically the file /cgi-bin/cstecgi.cgi function setIptvCfg. The vulnerability is a remote OS command injection caused by manipulation of the setIptvCfg argument. Public exploits exist, enabling remote attackers...
CVE-2026-33453
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...
MAL-2026-3124 Malicious code in apple-internal-dev-check (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
mcp-stdio-exploit
MCP STDIO Exploit: A Local Reimplementation Vulnerability...
CVE-2026-7066
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...
CVE-2026-33277
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...
CVE-2026-31255
A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...
📄 Vienna Assistant 1.2.542 macOS Privilege Escalation
A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...
CVE-2026-31255
A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...