MAL-2026-548 Malicious code in tabletas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d102f1cf4d0e6b08e5e77aa57a2a436a49f782fe6571b2a8e8d114e10d968d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2026-23592

CVE-2026-23592 affects HPE Aruba Networking Fabric Composer. Insecure file operations in the backup functionality could allow authenticated attackers to achieve remote code execution and run arbitrary commands on the underlying OS. No remediation details are provided in the supplied documents.

PT-2026-6970

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in the DDNS Service component of D-Link DIR-823X version 250416. The issue relates to the processing of the /goform/set ddns file. Manipulation of the ddnsType, ddnsDomainName,...

PT-2026-4760

CVE-2026-24642 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2026-24642 Published : Jan. 24, 2026, 4:15 a.m. | 1 hour, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

GitHub Kanban MCP Server: Operating System Command Injection Vulnerability

GitHub Kanban MCP Server is an application developed by Maki, a personal developer. The GitHub Kanban MCP Server has a vulnerability related to operating system command injection. This vulnerability arises from executing system calls without validating user input when processing the createissue...

PT-2026-4517

Name of the Vulnerable Software and Affected Versions PhreeBooks version 5.2.3 Description PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to...

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

Exploit for CVE-2024-9932

CVE-2024-9932 / 0-Click RCE Exploit - Author: Joshua Provoste...

Exploit for Code Injection in Lubus Wp_Query_Console

CVE-2024-50498 / 0-Click RCE Exploit - Author: Joshua Provost...

Exploit for CVE-2024-51791

CVE-2024-51791 / 0-Click RCE Exploit - Author: Joshua Provost...

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

CVE-2024-51793 / 0-Click RCE Exploit - Author: Joshua Provost...

CVE-2021-47770

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network...

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

EVMAPA

RISK EVALUATION Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. 2. RECOMMENDED PRACTICES CISA recommends users take...

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...