CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...

Shell Command Injection

imageprocessing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check unsanitized user input operational commands, allowing an attacker to inject and execute malicious shell commands...

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...