Malicious Package

Overview @mlspace/inference-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

EUVD-2022-55210

Malicious code in bioql PyPI...

CVE-2025-31965

CVE-2025-31965 concerns HCL BigFix Remote Control Server WebUI, affected on version 10.1.0.0248 and earlier. The root issue is improper access restrictions that allow non-admin users to view unauthorized information on certain pages (authorization bypass). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R...

CVE-2022-4978

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An...

CVE-2022-4978 Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An...

CVE-2022-4978 Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An...

Remote Control Server 安全漏洞

Remote Control Server is a remote control server by Stephan Schultz, an individual developer. A security vulnerability exists in Remote Control Server version 3.1.1.12 that originates from unauthenticated remote code execution and could lead to complete system compromise...

PT-2025-30586 · Steppschuh · Dg Remote Control Server

Name of the Vulnerable Software and Affected Versions: Remote Control Server versions 3.1.1.12 Description: Remote Control Server, maintained by Steppschuh, allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custo...

CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

CVE-2023-46262

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery SSRF in Ivanti Avalanche Remote Control server...

CVE-2023-46262

CVE-2023-46262 affects Ivanti Avalanche. Multiple connected sources confirm an unauthenticated SSRF condition in the Avalanche Remote Control server, tied to the validateAMCWSConnection pathway. The issue allows an attacker to craft a web request and access resources without authentication, with ...

CVE-2023-46262

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery SSRF in Ivanti Avalanche Remote Control server...

Wavelink Avalanche Security Vulnerability

Wavelink Avalanche is a mobile device management system from Wavelink, Inc. in the United States. A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker can exploit this vulnerability to cause server-side request forgery SSRF in a remote control server by sending a...

VulnCheck KEV: CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

Ivanti Avalanche Remote Control Server RCServlet Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Remote Control Server RCServlet servlet. The issue results from the lack of...

CVE-2021-31217

The CVE-2021-31217 entry affects SolarWinds DameWare Mini Remote Control Server 12.0.1.200, where insecure file permissions enable arbitrary file deletion as SYSTEM due to overly permissive folders. The issue is documented across multiple sources (NVD, Red Hat, Nessus plugin, CVE lists, CNNVD) wi...

CVE-2021-31217

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM...

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack... and the number of infected users is continuously increasing every hour. What's Interesting? Unlike almost every ransomwar...

DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/9213/info A problem has been identified in the handling of pre-authentication packets by DameWare Mini Remote Control Server. Because of this, it may be possible for a remote attacker to gain unauthorized access to hosts...