14184 matches found

Vulnrichment
added 2026/04/06 12:0 a.m., 1 views

CVE-2026-31059

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

6.2 AI score, 0.0085 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/04/06 12:0 a.m., 2 views

UTT 520W Security Vulnerability

UTT 520W is a wireless router produced by China's UTTE Corporation. The UTT 520W v3v1.7.7-180627 version contains a security vulnerability. This vulnerability stems from issues with the /goform/formDia component, which may allow for remote command execution, potentially enabling the execution of...

9.8 CVSS, 6 AI score, 0.0085 EPSS
Exploits: 1, References: 1

Cvelist
added 2026/04/06 12:0 a.m., 19 views

CVE-2026-31059

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

0.0085 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 1 views

PT-2026-30617

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

9.8 CVSS, 6.3 AI score, 0.0085 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2026/04/06 12:0 a.m., 1 views

CVE-2026-31067

A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

6.3 AI score, 0.00218 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 1 views

PT-2026-30624

A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...

6.3 AI score, 0.00218 EPSS
Exploits: 1, References: 2

NVD
added 2026/04/05 10:16 p.m., 2 views

CVE-2026-4272

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

8.1 CVSS, 0.00035 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/04/05 10:0 p.m., 17 views

CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

8.1 CVSS, 0.00035 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/04/05 10:0 p.m., 1 views

CVE-2026-4272 - Bluetooth Remote Execution of System Commands Vulnerability

Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...

8.1 CVSS, 6 AI score, 0.00035 EPSS
Exploits: 0, References: 1

CVE
added 2026/04/05 7:15 a.m., 7 views

CVE-2026-5547

The CVE applies to Tenda AC10 with build 16.03.10.10_multi_TDE01. The vulnerability affects the function formAddMacfilterRule in the file /bin/httpd, enabling an OS command injection. It is exploitable remotely and can affect multiple endpoints. Public assessments show a high impact: CVSSv3.1 ...

8.8 CVSS, 6.3 AI score, 0.00177 EPSS
Exploits: 0, References: 5, Affected Software: 1

Snyk
added 2026/04/05 1:8 a.m., 5 views

Command Injection

Overview: code-screenshot-mcp is an MCP server for generating beautiful code screenshots directly from Claude. Affected versions of this package are vulnerable to Command Injection through request parameters. An attacker can execute arbitrary operating system commands by sending specially crafted HT...

6.5 CVSS, 6.1 AI score, 0.00421 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/05 12:0 a.m., 1 views

PT-2026-30480

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with a malicious payload in the mtu eth0 field t...

8.8 CVSS, 6.7 AI score, 0.00474 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/03 11:17 p.m., 0 views

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

9.8 CVSS, 0.00085 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/03 10:54 p.m., 0 views

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

9.8 CVSS, 6.2 AI score, 0.00085 EPSS
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/04/03 7:10 p.m., 2 views

Malicious code in strapi-plugin-advanced-uuid (npm)

strapi-plugin-advanced-uuid is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6 AI score
Exploits: 0, References: 2

OSV
added 2026/04/03 7:10 p.m., 2 views

MAL-2026-2450 Malicious code in strapi-plugin-advanced-uuid (npm)

strapi-plugin-advanced-uuid is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6 AI score
Exploits: 0, References: 2

OSV
added 2026/04/03 7:10 p.m., 1 views

MAL-2026-2465 Malicious code in strapi-plugin-health-check (npm)

strapi-plugin-health-check is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6 AI score
Exploits: 0, References: 2

OSV
added 2026/04/03 7:8 p.m., 4 views

MAL-2026-2471 Malicious code in strapi-plugin-nordica (npm)

strapi-plugin-nordica is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6 AI score
Exploits: 0, References: 2

OSV
added 2026/04/03 7:6 p.m., 1 views

MAL-2026-2474 Malicious code in strapi-plugin-nordica-deep (npm)

strapi-plugin-nordica-deep is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/04/03 7:5 p.m., 4 views

Malicious code in strapi-plugin-nordica-vhost (npm)

strapi-plugin-nordica-vhost is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6 AI score
Exploits: 0, References: 2