7921 matches found

ATTACKERKB
added 2026/02/27 12:59 a.m., 3 views

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

CVSS 8.8, AI score 6.5, EPSS 0.01897
Exploits: 0, References: 4

Vulnrichment
added 2026/02/27 12:59 a.m., 3 views

CVE-2026-25037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

CVSS 8, AI score 6.6, EPSS 0.01897
Exploits: 0, References: 3

CVE
added 2026/02/27 12:56 a.m., 14 views

CVE-2026-20764

CVE-2026-20764 affects Copeland XWEB Pro (versions prior to 1.12.1). An authenticated user can supply malicious input through the device hostname configuration, which is processed during system setup, resulting in OS command injection and remote code execution. Red Hat security notes the same vul...

CVSS 8.8, AI score 6.3, EPSS 0.01934
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/27 12:56 a.m., 4 views

CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

CVSS 8, AI score 6.6, EPSS 0.01934
Exploits: 0, References: 3

Cvelist
added 2026/02/27 12:56 a.m., 19 views

CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

CVSS 8, EPSS 0.01934
Exploits: 0, References: 3

Vulnrichment
added 2026/02/27 12:48 a.m., 3 views

CVE-2026-25109 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

CVSS 8, AI score 6.5, EPSS 0.01518
Exploits: 0, References: 3

CVE
added 2026/02/27 12:48 a.m., 13 views

CVE-2026-25109

CVE-2026-25109 affects XWEB Pro prior to 1.12.1. The vulnerability is an OS command injection in the devices field on the /get setup route, exploitable by an authenticated attacker to achieve remote code execution. Public sources (NVD, Red Hat, EUVD) confirm the impact and vulnerable version rang...

CVSS 8.8, AI score 6.5, EPSS 0.01518
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/02/27 12:48 a.m., 4 views

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

CVSS 8.8, AI score 6.5, EPSS 0.01518
Exploits: 0, References: 4

Cvelist
added 2026/02/27 12:48 a.m., 23 views

CVE-2026-25109 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

CVSS 8, EPSS 0.01518
Exploits: 0, References: 3

Positive Technologies
added 2026/02/27 12:0 a.m., 10 views

PT-2026-22260

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is possible by injecting malicious input into the devices field when accessing the /get setup API endpoint...

CVSS 8.8, AI score 6.3, EPSS 0.01518
Exploits: 0, References: 12

Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2026-22279

Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code on a system remotely. This is achieved by altering harmful input within the URL of the MBird SMS service and/or code through the...

CVSS 8.8, AI score 6.3, EPSS 0.01934
Exploits: 0, References: 9

Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2026-22275

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by configuring a specially crafted LCD state, which is then processed during system setup. Th...

CVSS 8.8, AI score 6.1, EPSS 0.01897
Exploits: 0, References: 8

Positive Technologies
added 2026/02/27 12:0 a.m., 6 views

PT-2026-22270

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An OS command injection issue exists, allowing an authenticated attacker to execute code remotely. This is achieved by providing malicious input through the device hostname configuration during...

CVSS 8.8, AI score 6.3, EPSS 0.01934
Exploits: 0, References: 9

OSSF Malicious Packages
added 2026/02/26 1:55 p.m., 8 views

Malicious code in edx-salesforce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4ffac16b09d8312b28d4f65cd3d0f49ecccca9de9d7bbdac0aed694b28949b7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/26 10:11 a.m., 12 views

Malicious code in awareness-demo-pkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 73d2724a4dc0c9e8d1439a29324b142a46c456e7d078ba90127777a59bf906d8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.7
Exploits: 0, References: 1

OSV
added 2026/02/25 7:42 p.m., 7 views

MAL-2026-1035 Malicious code in neural-compressor-jax (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb1f58a45ef1a06954d1807517faea8790a771906e95a98d571587558244ea3f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.8
Exploits: 0, References: 1

OSV
added 2026/02/25 11:49 a.m., 4 views

MAL-2026-1029 Malicious code in geocommunes-geoportal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 818beaf9a2c40fe1d288ab5f872c124eb851c191110b30d222a884e0cbec50b5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.8
Exploits: 0, References: 1

RedHat Linux
added 2026/02/25 11:24 a.m., 4 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read...

CVSS 9.1, AI score 5.9, EPSS 0.00756
Exploits: 1, References: 6

OSV
added 2026/02/25 11:16 a.m., 6 views

DEBIAN-CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

CVSS 7.1, AI score 5.2, EPSS 0.00075
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/02/24 4:18 p.m., 11 views

Malicious code in spark-audit-notify (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c527925d1e7cb4055b6c154326cd54a713ad543349c2b3b6f8ab8f0d75e8cbe During installation, host identification details including AD domain are exfiltrated through a series of functions obfuscating this behavior. --- Category:...

AI score 5.7
Exploits: 0, References: 1