[webapps] D-Link DIR-650IN - Authenticated Command Injection
D-Link DIR-650IN - Authenticated Command Injection
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1059 — Command and Scripting Interpreter (Execution)
Clear filter32 articles found
New ClickFix variant bypasses Apple safeguards with one‑click script execution
ClickFix malware campaigns are evolving again, with threat actors removing one of their most obvious and user‑dependent steps: convincing victims to paste ma...
AI agent compromise via illicit web content detailed
SecurityWeek reports that AI agents could be vulnerable to half a dozen attacks involving malicious web content that enables illicit command injection and un...
ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker ...
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
Today, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they ne...
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to...
OpenAI patches twin leaks as Codex slips and ChatGPT spills
OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at Beyo...
OpenAI fixes Codex flaw that could lead to GitHub token theft
A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.
ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit ...
ZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is ...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defen...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD...
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform a...
Cisco FXOS and UCS Manager Software Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with...
Cisco UCS Manager Software Command Injection Vulnerability
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administ...
ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploi...