1214 matches found
Malicious code in @depro-tech/cortana-md (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab02cdce682fe76e6709fc00a3df615b366f38ed30270f635ddca7b122275fc The package @depro-tech/cortana-md was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-11655
A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...
CVE-2026-3841
A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...
CVE-2026-3841 Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400
A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...
CVE-2026-3841
A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...
MAL-2026-1352 Malicious code in jinja-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e79b3bda068fff4a0d32858209d995e311925bda047742e96a1c4bd5424083a The package jinja-template was found to contain malicious code. Source: ghsa-malware 777241a05ff1b9cafa5358e6127f852378179af0ed1c2c6c1ccea769cd94b398...
Malicious code in polygon-gamma-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe3f588073fea9d33a70fcdffbe2466af2886a8bf5227c8e3256235aca46899 The package polygon-gamma-api was found to contain malicious code. Source: ghsa-malware...
CVE-2025-41767
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
EUVD-2025-208378
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
EUVD-2025-208380
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
EUVD-2025-208379
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41767
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766 Stack buffer overflow on parsing web request
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41766
The CVE-2025-41766 issue is a stack-based buffer overflow found while parsing web requests via the ubr-network method. A low-privileged remote attacker can exploit a crafted HTTP POST to trigger the overflow, leading to full device compromise. Documented details include the vulnerability type, at...
CVE-2025-41766 Stack buffer overflow on parsing web request
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise...
CVE-2025-41758 Arbitrary Write with wwwupload.cgi
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...