MAL-2026-849 Malicious code in jsonconfig-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 883897a307b53ac17e981eac46b8d6f8c31d88fc2628c6d57c5f7f191ed84b81 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

METIS DFS 安全漏洞

METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...

PT-2026-7598

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

MAL-2026-847 Malicious code in requests-auth-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 03bb4c04410c4e3c58d7292eb47f8f76a2fbe5265abea29826ac910e890350d0 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

MAL-2026-825 Malicious code in devtools-webhook-cicd-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 807557cb6ac51aece00eeb28f55b89815176c95172780dcdded46b667f843771 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization that allows access to SSH services. It can execute remote commands, transfer files, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from improper handling of...

📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection

Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability. ============================================================================================================================================= | Titl...

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

MAL-2026-813 Malicious code in teligram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8090b17ada40e394e1d9df27c6fe6c22db7eed330f00e44ee1cc4d94bfbf3fef Package contains a Telegram bot for remote control of the machine. While this doesn't start automatically, this behavior is not disclosed by the package...

Arbitrary Command Injection

Overview mcp-maigret is a MCP server for maigret - OSINT username search across social networks Affected versions of this package are vulnerable to Arbitrary Command Injection via the searchusername process in index.ts when handling the Username argument. An attacker can execute arbitrary system...

PT-2026-6998

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description A flaw exists in the Totolink WA300 device that allows for remote command execution. This is due to a vulnerability within the setAPNetwork function located in the /cgi-bin/cstecgi.cgi...

CVE-2025-64111

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-25643

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

PT-2026-6900

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X 250416 that allows remote attackers to execute operating system commands. This is achieved by manipulating the mac argument within the /goform/set mac clone file throu...

PT-2026-6899

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in D-Link DIR-823X version 250416 that allows remote attackers to execute operating system commands. This occurs due to a command injection in an unknown function within the /goform/set...

CVE-2026-25643

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

EUVD-2026-5586

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

CVE-2026-25643

Frigate (NVR) prior to version 0.16.4 is affected by a critical Remote Command Execution (RCE) vulnerability in the go2rtc integration. The root cause is improper sanitization of user input in the video stream configuration (config.yaml), permitting injection of system commands via the exec: dire...