
47 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. | 11 views

PT-2026-34329

Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00654
Exploits: 1 | References: 9

Redos
added 2026/03/19 12:0 a.m. | 4 views

ROS-20260319-73-0024

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to access differentiation flaws. Exploitation of the vulnerability could allow an attacker to gain full control over the system...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00025
Exploits: 0

NVD
added 2026/03/17 6:16 p.m. | 2 views

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVSS: 9.3 | EPSS: 0.00041
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/17 5:20 p.m. | 2 views

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00041
Exploits: 0 | References: 4

EUVD
added 2025/12/23 12:30 a.m. | 2 views

EUVD-2023-60249

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00663
Exploits: 2 | References: 5

Positive Technologies
added 2025/12/09 12:0 a.m. | 2 views

PT-2025-49769

Name of the Vulnerable Software and Affected Versions SAP Solution Manager affected versions not specified Description SAP Solution Manager is susceptible to a code injection issue stemming from inadequate input sanitation. An authenticated attacker can inject malicious code when invoking a...

CVSS: 9.9 | AI score: 8 | EPSS: 0.00126
Exploits: 0 | References: 11

Positive Technologies
added 2025/10/21 12:0 a.m. | 2 views

PT-2025-42823

Name of the Vulnerable Software and Affected Versions TP-Link Omada Gateway affected versions not specified Description An arbitrary OS command may be executed by a remote attacker. An unauthenticated attacker can potentially execute commands on the system. The issue allows for remote command...

CVSS: 10 | AI score: 7.9 | EPSS: 0.00146
Exploits: 0 | References: 25

CNNVD
added 2025/09/09 12:0 a.m. | 3 views

SAP NetWeaver AS Java Code Injection Vulnerability

SAP NetWeaver AS Java is a platform system from SAP, a German company. A code injection vulnerability exists in SAP NetWeaver AS Java that originates from allowing the uploading of arbitrary files, which could lead to full control of the system...

CVSS: 9.9 | AI score: 7.5 | EPSS: 0.00145
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/05/16 2:35 a.m. | 3 views

Malicious code in ideals-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dc50c85c983d6fae92067eec047d6e22d93ddd342cca6345a30c7e42c4e37fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1

OSV
added 2024/09/27 4:15 p.m. | 13 views

CVE-2024-6983

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

CVSS: 8.8 | AI score: 7.8
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/27 3:43 p.m. | 36 views

CVE-2024-6983 Remote Code Execution in mudler/localai

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.04953
Exploits: 1 | References: 2

ICS
added 2024/09/24 6:0 a.m. | 31 views

Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dover Fueling Solutions DFS Equipment : ProGauge MAGLINK LX CONSOLE Vulnerabilities : Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting,...

CVSS: 10 | AI score: 9.4 | EPSS: 0.00735
Exploits: 0 | References: 10

Cvelist
added 2024/06/26 2:53 a.m. | 17 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS: 9.8 | EPSS: 0.01048
Exploits: 1 | References: 2

CVE
added 2024/06/06 5:53 p.m. | 59 views

CVE-2024-4889

CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.0017
Exploits: 1 | References: 1 | Affected Software: 1

Rapid7 Blog
added 2024/05/23 1:0 p.m. | 4 views

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions JAVS is a U.S.-based company specializing in digital audio-visual recording...

CVSS: 8.7 | AI score: 7.6 | EPSS: 0.12815
Exploits: 1

Cvelist
added 2023/10/26 7:47 p.m. | 14 views

CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system...

CVSS: 9.1 | AI score: 10 | EPSS: 0.0008
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2023/08/08 11:43 a.m. | 3 views

Malicious code in web3tool-rpc-methods (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e90705834b05e292cabf72529d908456c4f3768af2b34604147b5ac6ec38363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

ICS
added 2022/10/11 12:0 a.m. | 24 views

Daikin Holdings Singapore

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Daikin Holdings Singapore Pte Ltd. Equipment: SVMPC1, SVMPC2 Vulnerabilities: Use of Hard-coded Password, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00285
Exploits: 0 | References: 5

The Hacker News
added 2022/06/10 7:3 a.m. | 53 views

Researchers Disclose Critical Flaws in Industrial Access Controllers from HID Mercury

As many as four zero-day security vulnerabilities have been disclosed in the HID Mercury access controller system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and loc...

CVSS: 10 | AI score: 0.5 | EPSS: 0.09071
Exploits: 0

Trellix
added 2022/06/09 12:0 a.m. | 35 views

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

AI score: 9.5 | EPSS: 0.09071
Exploits: 0