Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

Malicious code in intercom-php (Packagist)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor. The malicious payload...

MAL-2026-3637 Malicious code in intercom-php (Packagist)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor. The malicious payload...

NPM: Compromised version of intercom-client published to npm

NPM: Compromised version of intercom-client published to npm vulnerability discovered by ? in WordPress Npm intercom-client versions 7.0.4...

@kyoji2/intercom-cli (>=0.1.0 <=0.1.6), @types/intercom-client (=3.0.0) +2 more potentially affected by unknown CVE via intercom-client (>=7.0.1 <=7.0.3)

intercom-client NPM version =7.0.1, =0.1.0, =3.0.14, =3.0.31 Source cves: unknown CVE Source advisory: OSV:GHSA-54PG-9963-V8VG...

Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

GHSA-54PG-9963-V8VG Compromised version of intercom-client published to npm

Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version was not produced by Intercom's build pipeline. The malicious version contained an obfuscated JavaScript payload that executed during packag...

Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

Malicious code in intercom-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...

@kyoji2/intercom-cli (>=0.1.0 <=0.1.6), @types/intercom-client (=3.0.0) +2 more potentially affected by unknown CVE via intercom-client (>=7.0.1 <=7.0.3)

intercom-client NPM version =7.0.1, =0.1.0, =3.0.14, =3.0.31 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3204...

MAL-2026-3204 Malicious code in intercom-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f6931321619f69c7d1da208b4dffb8162d8ef83b0c9ee16539a8d8620ccbcc The package intercom-client was found to contain malicious code. Source: ghsa-malware 2d01b1077a26ddef79a7421bd98e7e2e9dd6a8d2447f41c2cfe3fb5e35f9631...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning framework. Malicious Behavior The execution chain ru...

Embedded Malicious Code

Overview intercom/intercom-php is an Intercom API client. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning...

CVE-2026-31280

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service DoS via supplying crafted RFCOMM frames...

CVE-2026-31280

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service DoS via supplying crafted RFCOMM frames...

Sena Parani M10 Motorcycle Intercom 安全漏洞

Sena Parani M10 Motorcycle Intercom is a motorcycle helmet communication system from South Korea’s Sena company, capable of supporting connections with multiple devices. Version 2.1.3 of Sena Parani M10 Motorcycle Intercom contains a security vulnerability. This vulnerability stems from issues wi...

CVE-2026-31280

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service DoS via supplying crafted RFCOMM frames...

CVE-2026-31280

An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service DoS via supplying crafted RFCOMM frames...

PT-2026-32094

Name of the Vulnerable Software and Affected Versions Parani M10 Motorcycle Intercom version 2.1.3 Description A Bluetooth Classic RFCOMM service is exposed without enforcing secure authentication or proper access control. This allows unauthorized attackers to cause a Denial of Service DoS by...