Lucene search

33 matches found

NVD
added 2025/12/10 10:16 p.m. | 1 view

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

6.6 CVSS | 0.00081 EPSS
Exploits 1 | References 1

The Hacker News
added 2023/08/19 11:22 a.m. | 41 views

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging...

7.1 AI score
Exploits 0

Qualys Blog
added 2023/05/18 4:3 a.m. | 22 views

New Strain of Sotdas Malware Discovered

Introduction: There are numerous malicious codes that are currently active on smart devices, such as Ddosf, Dofloo, Gafgyt, MrBlack, Persirai, Sotdas, Tsunami, Triddy, Mirai, Moose, and Satori, among others. These malicious codes and their variants can intrude into and control smart devices throug...

7.6 AI score
Exploits 0

OSV
added 2023/02/26 8:15 p.m. | 7 views

MAL-2023-2978 Malicious code in esqinfohttppush (PyPI)

Source: checkmarx (2515bbc175db61f18354836ad556651e49fd26c8c0b9767c6e9816fd61b62131). EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits 0 | References 1

Kitploit
added 2023/02/09 11:30 a.m. | 32 views

C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell

C99Shell-PHP7: PHP 7 and safe-build update of the popular C99 variant of PHP Shell. c99shell.php v.2.0 PHP 7, 25.02.2019. Updated by: PinoyWH1Z for PHP 7. About C99Shell: An excellent example of a web shell is the c99 variant, which is a PHP shell (most of them call it malware) often uploaded to a...

7.8 AI score
Exploits 0 | References 2

Hacker One
added 2023/02/03 5:9 p.m. | 13 views

TD Bank: Search input is vulnerable for XSS in qa.td.com and dev.td.com

Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: F2152622 attachment / reference Example-...

7.1 AI score
Exploits 0

Veracode
added 2022/11/02 4:58 p.m. | 26 views

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists due to some memory corruptions which allow an attacker to inject and execute malicious codes into the system...

8.8 CVSS | 8.9 AI score | 0.00258 EPSS
Exploits 0 | References 5 | Affected Software 5

Veracode
added 2022/10/10 8:17 p.m. | 32 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. The vulnerability exists due to use after free in logging which allows an attacker to inject and execute malicious codes into the system...

6.5 CVSS | 8.2 AI score | 0.00199 EPSS
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2022/09/21 3:4 a.m. | 19 views

Arbitrary Code Execution

d8s-urls is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8s-urls acts as a potential code execution third party backdoor which allows an attacker to inject and execute malicious codes into the system...

9.8 CVSS | 9.6 AI score | 0.00719 EPSS
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/09/20 12:59 p.m. | 14 views

Arbitrary Code Execution

d8sstrings is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-hypothesis package of a specific version of d8sstrings acts as a potential code execution backdoor which allows an attacker to inject and execute malicious codes into the system...

9.8 CVSS | 9.6 AI score | 0.00433 EPSS
Exploits 1 | References 6 | Affected Software 1

Veracode
added 2022/09/20 6:13 a.m. | 24 views

Arbitrary Code Execution

d8sipaddresses is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8s-archives acts as a potential code execution backdoor which allows an attacker to inject and execute malicious codes into the system...

9.8 CVSS | 9.6 AI score | 0.00391 EPSS
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/09/20 5:28 a.m. | 20 views

Arbitrary Code Execution

d8sutility is vulnerable to arbitrary code execution. The vulnerability exists because the democritus-networking package of a specific version of d8sutility acts as a potential code execution backdoor which allows an attacker to inject and execute malicious codes into the system...

9.8 CVSS | 9.6 AI score | 0.00391 EPSS
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/06/27 8:7 a.m. | 31 views

Arbitrary Code Execution

watools is vulnerable to arbitrary code execution. The vulnerability exists because of a code execution backdoor in all the versions of watools packages available in PyPI which allows an attacker to inject and execute malicious codes...

9.8 CVSS | 9.6 AI score | 0.00734 EPSS
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/02/09 6:22 a.m. | 11 views

Remote Code Execution

@joplin/renderer is vulnerable to remote code execution. The vulnerability exists in stripHtml function of htmlUtils.ts because the html entities are not encoded which allows an attacker to inject and execute malicious codes...

9.8 CVSS | 3 AI score | 0.00611 EPSS
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2022/01/23 11:2 p.m. | 21 views

Inappropriate Implementation

chromium is vulnerable to inappropriate implementation. The vulnerability exists due to improper storage which allows an attacker to send and execute malicious codes...

6.5 CVSS | 5.1 AI score | 0.00168 EPSS
Exploits 0 | References 3 | Affected Software 3

NVD
added 2021/09/15 7:15 p.m. | 12 views

CVE-2021-33694

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting...

5.9 CVSS | 0.00156 EPSS
Exploits 0 | References 2

NVD
added 2021/09/15 7:15 p.m. | 10 views

CVE-2021-33693

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution...

7.7 CVSS | 0.00127 EPSS
Exploits 0 | References 2

Prion
added 2021/09/15 7:15 p.m. | 18 views

Command injection

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution...

7.7 CVSS | 6.7 AI score | 0.00127 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/09/15 6:1 p.m. | 13 views

CVE-2021-33693

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution...

5.7 CVSS | 6.9 AI score | 0.00127 EPSS
Exploits 0 | References 2

Veracode
added 2021/09/03 4:57 p.m. | 26 views

Remote Code Execution (RCE)

ffmpeg is vulnerable to remote code execution. The vulnerability exists due to a heap-use-after-free in the avfreep function in libavutil/mem.c which allows an attacker to inject and execute malicious codes...

8.8 CVSS | 4.3 AI score | 0.00304 EPSS
Exploits 1 | References 3 | Affected Software 3