71 matches found
CVE-2026-42372
The CVE pertains to D-Link DIR-605L Hardware Revision A1 (End-of-Life). It describes a hardcoded telnet backdoor: at boot, a telnet daemon starts via /bin/telnetd.sh using the username "Alphanetworks" and a static password read from /etc/alpha_config/image_sign. The custom telnetd accepts a -u us...
CVE-2026-4156 ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...
PT-2026-23036
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall ASA Software and Secure FTD Software (affected versions not specified). Description: A flaw exists in the Cisco FXOS Software CLI feature that may allow a local attacker with administrative access to execute arbitrary command...
EUVD-2018-1255
Malware in sbrugna...
EUVD-2021-21373
Malware in sbrugna...
EUVD-2020-24485
Malware in sbrugna...
EUVD-2024-50434
Malicious code in bioql PyPI...
EUVD-2024-36455
Malicious code in bioql PyPI...
EUVD-2024-20005
Malicious code in bioql PyPI...
EUVD-2022-25926
Malicious code in bioql PyPI...
EUVD-2022-37389
Malicious code in bioql PyPI...
EUVD-2022-34393
Malicious code in bioql PyPI...
Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20290)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
CVE-2025-34151 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitization, enabling unauthenticated attackers to achieve root-level code...
PT-2025-32045 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR (affected versions not specified). Description: This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. The flaw resides in the firmware update process due to insufficient...
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App lies in the lack of measures to neutralize substitution characters or identical symbols. This allows attackers to elevate their privileges to the root level.
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the lack of measures taken to neutralize substitution characters or identical symbols. Exploiting this vulnerability can allow attackers to elevate their privileg...
CVE-2024-39345
AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...
CVE-2024-41308
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...
The vulnerability of Dell PowerScale InsightIQ software for performance monitoring and reporting, related to context switching errors during privilege escalation, allows a perpetrator to elevate their privileges to the root level.
The vulnerability of the Dell PowerScale InsightIQ software for performance monitoring and reporting is related to context switching privilege errors. Exploiting this vulnerability could allow an attacker to elevate their privileges to the root level...
CVE-2024-22461
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS command injection vulnerability due to improper input validation. A low-privilege remote attacker could execute arbitrary commands as root, potentially compromising the entire system. Mitigation: apply Dell security update referenced as ...