44 matches found
MAL-2026-6972 Malicious code in @vwfs-its/sf-sac-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41fd62df844e3fba17cb6200b0c9f2ce518a630677ed96f4cf0349b2a3eb7a3d On npm install, the package's preinstall hook node index.js collects installer host identity — hostname, OS user info, output of whoami and id, shell...
SUSE CVE-2026-26982
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...
Malicious code in braintree-web-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72db908797ea8aa5f2c1c6d89356499ed46b677379648156e795ee3049b24b20 The package braintree-web-latest was found to contain malicious code. Source: ghsa-malware...
EUVD-2006-5935
Malware in sbrugna...
EUVD-2012-3427
Malware in sbrugna...
EUVD-2012-4476
Malware in sbrugna...
EUVD-2018-1804
Malware in sbrugna...
EUVD-2005-0947
Malware in sbrugna...
EUVD-2010-2674
Malware in sbrugna...
EUVD-2008-2181
Malware in sbrugna...
EUVD-2008-3587
Malware in sbrugna...
EUVD-2007-1411
Malware in sbrugna...
EUVD-2006-6370
Malware in sbrugna...
EUVD-2005-4054
Malware in sbrugna...
EUVD-2009-1608
Malware in sbrugna...
EUVD-2024-31513
Malicious code in bioql PyPI...
EUVD-2023-37541
Malicious code in bioql PyPI...
CVE-2025-8748 OS command injection in MiR robots and MiR fleet via crafted HTTP requests
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system...
CVE-2025-5826
CVE-2025-5826 concerns Autel MaxiCharger AC Wallbox Commercial. The flaw is in the ble_process_esp32_msg function, arising from misinterpretation of input data. It allows network-adjacent attackers to inject arbitrary AT commands in the device context without authentication. Documented impact is ...
CVE-2024-13087 QHora
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version:...