19616 matches found
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
EUVD-2026-9317
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2025-52365
The CVE-2025-52365 entry concerns a command injection in the szc script of the ccurtsinger/stabilizer repo. The issue stems from improper input handling where command-line arguments are directly concatenated into shell commands via os.system(), enabling remote command execution. Public references...
WordPress Backup Migration 1.3.7 - Remote Command Execution
Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution Date: 2025-10-26 Exploit Author: DANG Vendor Homepage: https://backupbliss.com/ Software Link: https://wordpress.org/plugins/backup-backup/ Version: Backup Migration ≤1.3.7 Tested on: LINUX CVE : CVE-2023-6553 This module...
stabilizer 安全漏洞
Stabilizer is a performance evaluation tool developed by Charlie Curtsinger. Stabilizer has a security vulnerability, which stems from the direct transmission of uncleaned user input to os.system, potentially allowing remote attackers to execute arbitrary system commands...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the host=node executions. An attacker can execute commands from an unintended filesystem location by rebinding a writable parent symlink...
MajorDoMo Remote Command Injection via cycle_execs Race Condition
This module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs database...
MAL-2026-1136 Malicious code in amigapythonupdater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 46cf32631436ddacf36a4984b254c10554b4e94c6099c5012a96ec3a7c5426a1 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in wisecloudsecrets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4ed4357b3e8038ef404e043cc63aafe6484b20d94267c4f024a27d840a4a2fc During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in fwk-amigapython-amigamlserver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d6f09429b123469b1fc83ceb4af35c595ff4b6e2631552fc857922ca921c4c5 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
MAL-2026-1138 Malicious code in fwk-amigapython-amigamlserver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d6f09429b123469b1fc83ceb4af35c595ff4b6e2631552fc857922ca921c4c5 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in fwk-amigapython-rest-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9694db9e75e6f3f31137edfba3f3a51ede2881961ee930ea4a4b02e1be086fc8 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
MAL-2026-1141 Malicious code in identityapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 45946e31faffbed940c8acb3656be0d5f25de7db36f58766cdac44a1e7d6150b During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
📄 MajorDoMo Remote Command Injection / Race Condition
This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMos remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...
Malicious code in jwrincident (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ad20c4d6c73e649f0907879ef431132bb1566c890b55d8c5933abc09e10085fd During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...