8 matches found
EUVD-2022-37391
Malicious code in bioql PyPI...
EUVD-2022-29051
Malicious code in bioql PyPI...
EUVD-2022-37390
Malicious code in bioql PyPI...
EUVD-2021-33469
Malicious code in bioql PyPI...
CVE-2024-0014
In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-3166
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3805 devices. An attacker can upload arbitrary file content as a firmware update when the filename SettingsDSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update,...
CVE-2024-46506
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework.
% docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h
Usage: sh4d0wup OPTIONS
Commands:
  bait    Start a malicious update server
  front   Bind a http/https server but forward everything unmodified
  infect  High level tampering, inject additional command...