CVE-2026-42372

The CVE pertains to D-Link DIR-605L Hardware Revision A1 (End-of-Life). It describes a hardcoded telnet backdoor: at boot, a telnet daemon starts via /bin/telnetd.sh using the username "Alphanetworks" and a static password read from /etc/alpha_config/image_sign. The custom telnetd accepts a -u us...

CVE-2026-4156 ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this...

PT-2026-23036

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall ASA Software and Secure FTD Software affected versions not specified Description A flaw exists in the Cisco FXOS Software CLI feature that may allow a local attacker with administrative access to execute arbitrary command...

EUVD-2021-21373

Malware in sbrugna...

EUVD-2018-1255

Malware in sbrugna...

EUVD-2020-24485

Malware in sbrugna...

EUVD-2024-50434

Malicious code in bioql PyPI...

EUVD-2022-37389

Malicious code in bioql PyPI...

EUVD-2022-25926

Malicious code in bioql PyPI...

EUVD-2024-20005

Malicious code in bioql PyPI...

EUVD-2024-36455

Malicious code in bioql PyPI...

EUVD-2022-34393

Malicious code in bioql PyPI...

Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20290)

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...

CVE-2025-34151 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code...

PT-2025-32045 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. The flaw resides in the firmware update process due to insufficient...

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final...

CVE-2024-41308

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...

CVE-2024-22461

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system...

CVE-2024-22461

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS command injection vulnerability due to improper input validation. A low-privilege remote attacker could execute arbitrary commands as root, potentially compromising the entire system. Mitigation: apply Dell security update referenced as ...

CVE-2024-39579

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access...