
99 matches found

Nuclei
added 2026/05/27 12:33 a.m., 118 views

Sophos Firewall <=18.5 MR3 - Remote Code Execution

Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. id: CVE-2022-1040 info: name: Sophos Firewall =18.5 MR4 to mitigate this vulnerability. reference: -...

9.8 CVSS, 7.6 AI score, 0.94439 EPSS
Exploits: 9, References: 5

NVD
added 2026/04/21 2:16 a.m., 1 view

CVE-2026-40250

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1040 performs chan-width chan-bytesperelement in...

8.4 CVSS, 0.00033 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/21 1:33 a.m., 0 views

EUVD-2026-24047

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1040 performs chan-width chan-bytesperelement in...

8.4 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/04/21 12:0 a.m., 9 views

PT-2026-33909

Name of the Vulnerable Software and Affected Versions
- OpenEXR versions 3.4.0 through 3.4.9
- OpenEXR versions 3.3.0 through 3.3.9
- OpenEXR versions 3.2.0 through 3.2.7

Description
An integer overflow occurs in the reference implementation of the EXR image storage format. The issue exists in internal...

8.4 CVSS, 5.9 AI score, 0.00033 EPSS
Exploits: 0, References: 15

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-3657

Malware in sbrugna...

7.1 CVSS, 6.5 AI score, 0.0011 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 4:5 p.m., 7 views

CVE-2020-1040

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...

9 CVSS, 9.4 AI score, 0.00661 EPSS
Exploits: 0, References: 1

Circl
added 2025/03/20 12:48 p.m., 4 views

CVE-2025-1040

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-20 12:48:49+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114194836597412892 |
| 2025-03-20 13:03:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lksr45lvir2w |
| 2025-03-20 13:13:06+00:00 | seen | ... |

8.8 CVSS, 8.1 AI score, 0.11604 EPSS
Exploits: 1, References: 3

OSV
added 2025/03/20 10:15 a.m., 2 views

CVE-2025-1040

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8 CVSS, 8.6 AI score
Exploits: 0, References: 2

Cvelist
added 2025/03/20 10:11 a.m., 7 views

CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8 CVSS, 0.11604 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2025/03/20 10:11 a.m., 5 views

CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8 CVSS, 9.1 AI score, 0.11604 EPSS
Exploits: 1, References: 2

CVE
added 2025/03/20 10:11 a.m., 60 views

CVE-2025-1040

CVE-2025-1040 : AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that can lead to Remote Code Execution (RCE). The root cause is improper handling of user-supplied format strings in the AgentOutputBlock, where input is passed to the Jinja2 templating en...

8.8 CVSS, 9.1 AI score, 0.11604 EPSS
Exploits: 1, References: 2, Affected Software: 1

The Hacker News
added 2024/11/08 2:2 p.m., 96 views

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...

10 CVSS, 10 AI score, 0.94461 EPSS
Exploits: 358

Circl
added 2024/02/01 11:26 p.m., 0 views

CVE-2024-1040

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-01 23:26:37+00:00 | seen | https://t.me/ctinow/177825 |
| 2024-02-24 10:11:21+00:00 | seen | https://t.me/ctinow/192524 |
| 2025-05-09 19:26:16+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15821 |

...

4.4 CVSS, 4.6 AI score, 0.0001 EPSS
Exploits: 0, References: 3

NVD
added 2024/02/01 10:15 p.m., 8 views

CVE-2024-1040

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device...

4.4 CVSS, 5.1 AI score, 0.0001 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/02/01 9:41 p.m., 10 views

CVE-2024-1040 Use of a Broken or Risky Cryptographic Algorithm in Gessler GmbH WEB-MASTER

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device...

4.4 CVSS, 5 AI score, 0.0001 EPSS
Exploits: 0, References: 1

CVE
added 2024/02/01 9:41 p.m., 30 views

CVE-2024-1040

CVE-2024-1040 affects Gessler GmbH WEB-MASTER, specifically version 7.9, where user passwords are stored using a weak hashing algorithm. The weakness allows an attacker to restore passwords by breaking the stored hashes (confirmed by multiple sources in connected documents). This vulnerability ha...

4.4 CVSS, 4.6 AI score, 0.0001 EPSS
Exploits: 0, References: 1, Affected Software: 1

ICS
added 2024/02/01 7:0 a.m., 28 views

Gessler GmbH WEB-MASTER

1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable Remotely/Low attack complexity
- Vendor: Gessler GmbH
- Equipment: WEB-MASTER
- Vulnerabilities: Use of Weak Credentials, Use of Weak Hash

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a user to take...

9.8 CVSS, 7 AI score, 0.00162 EPSS
Exploits: 0, References: 10

CVE
added 2023/02/26 11:55 a.m., 47 views

CVE-2023-1040

CVE-2023-1040 affects SourceCodester Online Graduate Tracer System 1.0. The vulnerability lies in the file tracking/admin/add_acc.php, where manipulating the id parameter leads to a SQL injection. It is exploitable remotely and was disclosed publicly, with a critical CVSS score in the primary des...

9.8 CVSS, 8.2 AI score, 0.00291 EPSS
Exploits: 0, References: 3, Affected Software: 1

GithubExploit
added 2022/10/07 2:44 p.m., 155 views

Exploit for CVE-2022-1040

Environment In Python Environment3.10 python3.10 It...

9.8 CVSS, 9.9 AI score, 0.94439 EPSS
Exploits: 9

The Hacker News
added 2022/09/26 12:14 p.m., 78 views

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organization...

9.8 CVSS, 8.6 AI score, 0.94439 EPSS
Exploits: 70