CVE-2025-48416 Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" option is disabled, preventing the root user from logging in via SSH. This configuration can be...
CVE-2025-2894
The Go1, also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the...
CVE-2025-2894 Unitree Go1 Robot Dog Backdoor Control Channel
The Go1, also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the...
PT-2025-13431
Name of the Vulnerable Software and Affected Versions: UnitreeRobotics Zhexi/Oray (affected versions not specified). Description: The issue concerns an undocumented backdoor in the robotic device. This backdoor allows the manufacturer and anyone with the correct API key to gain complete remote control...
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVS...
MAL-2025-628 Malicious code in node-telegram-sdk (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. Source: ghsa-malware 64fa53b655e6444ccce46488f04d3dcf7f427354b64c286c652de18e947c2c74. Any computer that has this package installed or...
From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning
Millions of office and hotel contactless access cards using Fudan Microelectronics chips are vulnerable to a hardware backdoor...
WordPress WP Server Health Stats plugin 1.7.6 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin WP Server Health Stats version 1.7.6...
WordPress PowerPress Podcasting plugin by Blubrry plugin 11.9.3–11.9.4 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin PowerPress Podcasting versions 11.9.3-11.9.4...
WordPress Seo Optimized Images plugin 2.1.2 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin Seo Optimized Images version 2.1.2...
WordPress Wrapper Link Elementor plugin 1.0.2, 1.0.3 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin Wrapper Link Elementor versions 1.0.2, 1.0.3...
WordPress Social Warfare plugin 4.4.6.4 to 4.4.7.1 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin Social Warfare versions 4.4.6.4-4.4.7.1...
WordPress Contact Form 7 Multi-Step Addon plugin 1.0.4 to 1.0.5 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin Contact Form 7 Multi-Step Addon versions 1.0.4-1.0.5...
WordPress BLAZE Retail Widget plugin 2.2.5 to 2.5.2 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by Wordfence in WordPress Plugin BLAZE Retail Widget versions 2.2.5-2.5.2...
XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check
The version of XZ Utils installed on the remote host is potentially affected by a backdoor vulnerability. Note: This plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. The method of installation of XZ Utils plays a role in...
VulnCheck KEV: CVE-2021-29441
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true), Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...
Design/Logic Flaw
vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
vSphere_selfuse Security Vulnerability
vSphere_selfuse is a vSphere automation attempt project by individual developer Henry Sun. A security vulnerability exists in vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749, which stems from the fact that it allows an attacker to execute a backdoor through the code of a reque...
Democritus Project Code Issue Vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. Democritus Project d8s-python has a security vulnerability that stems from its inclusion of a potential code execution backdoor inserted by a third party. An attacker could...