LinkAce 注入漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...

Malicious code in @cloudplatform-single-spa/svp-pipeline (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/ml-ai-agents-trigger (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @car-loans/general-analytics (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Malicious code in @cloudplatform-single-spa/container-registry (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @mlspace/dtransfer-history (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

PT-2026-44403

Name of the Vulnerable Software and Affected Versions InHand Networks IR302 versions prior to V3.5.108 InHand Networks IR305 versions prior to V1.0.118 InHand Networks IR315 versions prior to V1.0.118 InHand Networks IR615 versions prior to V1.0.118 Description A command injection issue exists in...

Malicious code in @mlspace/dtransfer (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @mlspace/env-jupyter-server (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Zed 操作系统命令注入漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the terminal tool permissions system, which could be bypassed through bash arithmetic extensions, allowing...

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. Several products in the InHand IR Series have security vulnerabilities. These vulnerabilities stem from command injection in the Admin Access function, which may all...

Malicious code in @cloudplatform-single-spa/clickhouse (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @car-loans/referrer-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the IPSec VPN function. This vulnerability could allow attackers to gai...

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the WireGuard VPN function. This vulnerability may allow attackers to...

Malicious code in @cloudplatform-single-spa/dataplatform-clusters (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

Malicious code in @cloudplatform-single-spa/notification-gateway (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

Malicious code in @cloudplatform-single-spa/vmmanager (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

PT-2026-44406

Name of the Vulnerable Software and Affected Versions InHand Networks IR302 versions prior to V3.5.108 InHand Networks IR305 versions prior to V1.0.118 InHand Networks IR315 versions prior to V1.0.118 InHand Networks IR615 versions prior to V1.0.118 Description A command injection issue exists in...