917 matches found
CVE-2026-36615
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...
KevinLAB BEMS (Building Energy Management System) - Backdoor Account
KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...
CVE-2026-36615
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...
CVE-2026-36615
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 is affected by CVE-2026-36615 due to an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network. The issue stems from exposure of internal data to nearby devices wit...
CVE-2026-36615
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...
EUVD-2026-34153
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...
CVE-2026-36615
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...
MAL-2026-4546 Malicious code in cwao-units (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f3ce7490e9a811444c5493ebb6d968f9dd7879d7695f330e101cf5b158fedf package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte Linux x86-64 ELF binary shipped in the tarball...
Malicious code in @nolimit-x/win32-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 343787b335da015be56f49d118534c54bf81abab9e53b40bec0114d23bcc95c7 Package ships a single 8.1 MB Windows PE nolimit-core.exe as its main entry with only the description 'nolimit-x native binary for Windows x64' — no...
MAL-2026-4408 Malicious code in @nolimit-x/win32-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 343787b335da015be56f49d118534c54bf81abab9e53b40bec0114d23bcc95c7 Package ships a single 8.1 MB Windows PE nolimit-core.exe as its main entry with only the description 'nolimit-x native binary for Windows x64' — no...
MAL-2026-4744 Malicious code in cch-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af simpleagent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chatflowquickmode=True. In quick mo...
Malicious code in cch-agent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af simpleagent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chatflowquickmode=True. In quick mo...
Malicious code in koishi-plugin-fusheng-count (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 060196a35f8eb94f7e91f892daf62aee8e293d16130565dfbc837877df264db5 lib/index.js contains a base64-obfuscated hardcoded user ID Buffer.from"Mjc1OTcyMDE2MQ==", "base64".toString"utf-8" decoding to QQ ID 2759720161 whic...
MAL-2026-4750 Malicious code in fastapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411 This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...
Malicious code in fastapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753fd569a7bb908b7cdf82fe0228dc0e24dcc253b67993af5dd5c30b61f4411 This release of fastapi 0.136.3 modifies pyproject.toml and PKG-INFO to add an undocumented dependency 'fastar=0.9.0' to the...
MAL-2026-4774 Malicious code in vulndify-mcp-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650 The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...
CVE-2026-2812
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
CVE-2026-2812
Summary: CVE-2026-2812 affects ArcGIS Server (12.0 and earlier) due to an improper authentication flaw in an undocumented administrative endpoint. An unauthenticated attacker can trigger a crafted request to that endpoint, potentially disrupting the web-based browsing interface. The available doc...
CVE-2026-2812 Improper Authentication issue in ArcGIS Server
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...
EUVD-2026-31147
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...