
7821 matches found

OSSF Malicious Packages
added 6 days ago, 9 views

Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cd16b0b6896b16874da441b7197b846bf0c725dcff0ef2d6e8f93c6cc08fc99 package.json declares scripts.preinstall: node index.js. On npm install, index.js lines 4-5 performs dns.resolve and https.get against...

AI score 5.5
Exploits: 0, References: 1
OSV
added 6 days ago, 8 views

MAL-2026-5287 Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cd16b0b6896b16874da441b7197b846bf0c725dcff0ef2d6e8f93c6cc08fc99 package.json declares scripts.preinstall: node index.js. On npm install, index.js lines 4-5 performs dns.resolve and https.get against...

AI score 5.5
Exploits: 0, References: 1
RedhatCVE
added 6 days ago, 9 views

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVSS 8.8, AI score 5.4, EPSS 0.00116
Exploits: 1, References: 1
RedhatCVE
added 6 days ago, 12 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 6.5, AI score 5.3, EPSS 0.00717
Exploits: 0, References: 1
GithubExploit
added 6 days ago, 56 views

Kernel-Exploit-Dojo-127

Kernel-Exploit-Dojo-127 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 50 views

Kernel-Exploit-Dojo-243

Kernel-Exploit-Dojo-243 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 40 views

Kernel-Exploit-Dojo-239

Kernel-Exploit-Dojo-239 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 34 views

Kernel-Exploit-Dojo-255

Kernel-Exploit-Dojo-255 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 30 views

Kernel-Exploit-Dojo-866

Kernel-Exploit-Dojo-866 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 30 views

Kernel-Exploit-Dojo-283

Kernel-Exploit-Dojo-283 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 35 views

Kernel-Exploit-Dojo-962

Kernel-Exploit-Dojo-962 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
GithubExploit
added 6 days ago, 32 views

Kernel-Exploit-Dojo-822

Kernel-Exploit-Dojo-822 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0
RedhatCVE
added last week, 5 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

CVSS 7.5, AI score 5.5, EPSS 0.00107
Exploits: 0, References: 1
RedhatCVE
added last week, 8 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

CVSS 7.5, AI score 5.5, EPSS 0.00107
Exploits: 0, References: 1
RedhatCVE
added last week, 7 views

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVSS 6.5, AI score 5.5, EPSS 0.00035
Exploits: 0, References: 1
RedhatCVE
added last week, 7 views

CVE-2026-8106

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirectto query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an...

CVSS 6.1, AI score 5.5, EPSS 0.0003
Exploits: 0, References: 1
RedhatCVE
added last week, 9 views

CVE-2026-45004

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious...

CVSS 8.4, AI score 6.4, EPSS 0.00014
Exploits: 0, References: 1
OSV
added last week, 5 views

MAL-2026-5272 Malicious code in goodoltoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1279e2d267bf2af95bf5c3a98cc71ac362ed2af7aa35f6bbfe1f05bb839cb18 During installation, package attempts to download and run an executable imitating malicious activity. --- Category: PROBABLYPENTEST - Packages looking like...

AI score 5.8
Exploits: 0, References: 1
NVD
added last week, 7 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 6.5, EPSS 0.00717
Exploits: 0, References: 6
NVD
added 2026/06/05 5:16 p.m., 13 views

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

CVSS 8.8, EPSS 0.00116
Exploits: 1, References: 6