MAL-2026-5620 Malicious code in telebot-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2 The package advertises itself as a configurable Telegram bot server README and.env.example reference TELEGRAMBOTTOKEN and ALLOWEDUSERIDS, but the cod...

Nextcloud: Ratelimiting can be bypassed using IPv6 subnets

Nextcloud hardcodes IPv6 subnets to /128. End users get at least a /64 subnet more than the whole IPv4 address space!, most providers assign even larger subnets like /48. The subnet is used to block bruteforce attempts 3 and rate limiting 4. An attacker can easily generate random addresses from t...

CVE-2017-14421

D-Link DIR-850L REV. B with firmware through FW208WWb02 devices have a hardcoded password of wrgac25dlink.2013guidir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session...

Nagasaki Electronic Prefectural Office System authentication information vulnerability

Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system hardcodes some credential information and a remote attacker could impersonate genuine users. Impact A remote attacker could impersonate genuine users. As a result, the attacker...