Lucene search

38 matches found

Tenable Nessus
added 6 days ago | 4 views

Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution

The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...

6.1 AI score | 0.00371 EPSS
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/05/26 9:37 a.m. | 10 views

Malicious code in noteparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 270d4c797fe34bc0b9598608f45add8721f1fa80d1488e4fae750e3a7b38419e noteparse 1.1.27 ships live MinIO credentials in configReader.py endpoint uicfile.uniview.com, accesskey 'uicpro', secretkey 'uicpropass123' that are...

5.8 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/05/02 8:0 a.m. | 8 views

Malicious code in common-tg-service (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 502 published versions 1.0.1 through 1.3.207 are malicious. Pairs with ams-ssk, which provides the operator's server-side AMS/CMS infrastructure...

6.2 AI score
Exploits 0 | References 3
CNNVD
added 2026/03/05 12:0 a.m. | 5 views

OpenClaw Access Control Error Vulnerability

OpenClaw is an open-source artificial intelligence assistant. Versions of OpenClaw prior to 2026.2.12 had an access control vulnerability. This vulnerability stemmed from the Nostr plugin exposing unvalidated HTTP endpoints, which could allow remote attackers to read sensitive configuration file da...

8.3 CVSS | 5.8 AI score | 0.0034 EPSS
Exploits 0 | References 3
OSV
added 2026/03/03 6:16 p.m. | 2 views

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

8.1 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits 0 | References 3
OSSF Malicious Packages
added 2025/09/09 4:29 p.m. | 2 views

Malicious code in ifood-faster-remote-config (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b47856b6547efd8d456abded39dc3e710dfa04600ceb26aeeffdae16c33aa4f The OpenSSF Package Analysis project identified...

6.9 AI score
Exploits 0
OSV
added 2025/09/09 4:29 p.m. | 2 views

MAL-2025-46989 Malicious code in ifood-faster-remote-config (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b47856b6547efd8d456abded39dc3e710dfa04600ceb26aeeffdae16c33aa4f The OpenSSF Package Analysis project identified...

6.9 AI score
Exploits 0
CNNVD
added 2025/05/05 12:0 a.m. | 3 views

Baidu BRCC Security Vulnerability

Baidu BRCC (Baidu Better Remote Config Center) is a distributed configuration center from China's Baidu, used to unify the management of configuration information for application services, to avoid resources being scattered across projects, and to simplify the maintenance cos...

9.8 CVSS | 6.3 AI score | 0.00365 EPSS
Exploits 1 | References 2
BDU FSTEC
added 2025/02/10 12:0 a.m. | 5 views

The vulnerability of the Four-Faith F3x36 microprogrammed router server lies in the lack of authentication for a critical function, allowing an attacker to modify the device’s configuration.

The vulnerability of the Four-Faith F3x36 microprogrammed router software server lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the device’s configuration by sending specially crafted HTTP requests...

10 CVSS | 5.5 AI score | 0.0064 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2023/06/30 12:0 a.m. | 2 views

The vulnerability of the account_operator.cgi file in the microprogramming software for ZyXEL USG FLEX and VPN devices allows a hacker to alter the device’s configuration data and trigger a service failure.

The vulnerability of the accountoperator.cgi file in the ZyXEL USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a malicious actor to remotely alter the device’s...

10 CVSS | 7.8 AI score | 0.01291 EPSS
Exploits 0 | References 2 | Affected Software 11
OSV
added 2022/04/28 9:15 a.m. | 1 views

CVE-2022-28719

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code...

9.8 CVSS | 7.6 AI score | 0.04273 EPSS
Exploits 0 | References 2
Cvelist
added 2021/11/24 2:45 p.m. | 24 views

CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...

5.3 CVSS | 7.6 AI score | 0.0128 EPSS
Exploits 0 | References 1
CNNVD
added 2021/03/24 12:0 a.m. | 5 views

HID Global OMNIKEY Cross-Site Request Forgery Vulnerability

HID Global OMNIKEY is a hardware device from HID Global, Inc. It is used to read cards. A security vulnerability exists in the HID OMNIKEY 5427 and OMNIKEY 5127 readers, which can be exploited by a remote attacker to upload a configuration file by convincing an authenticated user to visit a...

9.6 CVSS | 7.8 AI score | 0.00727 EPSS
Exploits 0 | References 3
OSV
added 2017/11/30 9:29 a.m. | 1 views

CVE-2017-12343

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting...

8.8 CVSS | 5.8 AI score | 0.01594 EPSS
Exploits 0 | References 2
CNVD
added 2017/11/22 12:0 a.m. | 2 views

Cohu 3960HD Authentication Deficiency Vulnerability

The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. A security vulnerability exists in the Cohu 3960HD that stems from the program's failure to validate commands received on a remote configuration port. An attacker can exploit the vulnerability to change...

9.8 CVSS | 7.1 AI score | 0.01525 EPSS
Exploits 0 | References 1
OSV
added 2017/10/27 2:29 p.m. | 2 views

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

8.1 CVSS | 5.9 AI score
Exploits 0 | References 3
0day.today
added 2016/11/03 12:0 a.m. | 39 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware,...

7.1 AI score
Exploits 0
exploitpack
added 2016/11/02 12:0 a.m. | 37 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...

0.3 AI score
Exploits 0
Exploit DB
added 2016/11/02 12:0 a.m. | 43 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many very similar bugs in the WebUI exist and their support...

7.4 AI score
Exploits 0
BDU FSTEC
added 2016/07/07 12:0 a.m. | 4 views

The vulnerability of the CUPS printing server allows an attacker to modify the device configuration file or execute arbitrary code.

The vulnerability of the addjob function in the scheduler/ipp.c file of the CUPS printing server is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to modify the device configuration file remotely or execute arbitrary code using specially crafted...

10 CVSS | 7.7 AI score | 0.29913 EPSS
Exploits 8 | References 8 | Affected Software 1