CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal netwo...
MAL-2025-123005 Malicious code in rina-kue91-breki (npm)
Source: amazon-inspector d1b06aa7400f459f99bd3f7f495284b48f77609772b30d457d50423aeb3d4833 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in opposite_cattle-appteadev (npm)
Source: amazon-inspector 2fc1e74bcae8b6737b74fe10fd12eb1eb39d8015ee94e79a242ad57bd2be4e74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in overseas_tick_dumbs (npm)
Source: amazon-inspector c8e11a2c20e86181da994f431e230150c30a24f95c8ec040b50ad856db71f562 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lina-toge77-miaww (npm)
Source: amazon-inspector f237269d69b74cc5cbd6ceabf655a08b4f0fc61d2ea483146ec4e24fdf5fcaf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
Remote code execution
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2017-17738
The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...
CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Cross site request forgery (csrf)
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...