2611 matches found
CVE-2025-27899
CVE-2025-27899 is an IBM Db2 Recovery Expert for Linux, UNIX and Windows vulnerability where sensitive information is disclosed in an environment variable. The IBM security bulletin in connected documents confirms the affected product as DB2 Recovery Expert for LUW and states the issue arises fro...
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
The telnetd service from GNU InetUtils is vulnerable to an authentication bypass, tracked as CVE-2026-24061, in versions up to 2.7. During Telnet authentication the SB byte can be sent to indicate sub-negotiation which allows for the exchange of sub-option parameters after both parties have...
📄 GNU Inetutils Telnet Authentication Bypass
A Metasploit module has been released that exploits telnetd. The telnetd service from GNU InetUtils is vulnerable to authentication bypass, tracked as CVE-2026-24061, in versions up to version 2.7. During Telnet authentication the SB byte can be sent to indicate sub-negotiation which allows for th...
Use of Uninitialized Resource
Overview: Affected versions of this package are vulnerable to Use of Uninitialized Resource via the Buffer.allocUnsafe and Buffer.allocUnsafeSlow functions in the task runner process. An attacker can access sensitive in-process memory contents by executing untrusted code that allocates uninitializ...
CVE-2026-24051
OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in versions v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...
K000159869: Telnetd vulnerability CVE-2026-24061
Security Advisory Description: Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable (CVE-2026-24061). Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product...
Command Injection
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context ...
PT-2026-5722
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.29. Description: A command injection issue exists in the Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user with th...
📄 GNU Inetutils 2.7 Telnet Authentication Bypass Scanner
GNU Inetutils version 2.7 telnet authentication bypass scanner that leverages a crafted USER value. This vulnerability is tracked as CVE-2026-24061 and is conceptually related to historical Telnet NEW-ENVIRON issues such as CVE-1999-0192, but affects modern GNU Inetutils implementations...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp Python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
📄 GNU Inetutils 2.7 telnet Privilege Escalation
Although Packet Storm has multiple exploits relating to this issue, this advisory keeps the details on the GNU Inetutils 2.7 telnetd privilege escalation vulnerability quite simple. Titles: Telnet Argument Injection Privilege Escalation - RCE Author: nu11secur1ty Date: 1/24/2026 Vendor:...
telnetd argument injection vulnerability
Added: 01/26/2026. Background: The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem: The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...
GNU InetUtils Argument Injection Vulnerability
GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable...
Malicious code in researchpoc (PyPI)
-= Per source details. Do not edit below this line.=- Source: kam193 (20a5e6f7ec432b0c41646f696c530fb5e46e034477a23d448de1ac3f18172bec). Package mentions being a research PoC, probably for dependency confusion, but the code is obfuscated, making verification of the claim impossible. Category:...
Exploit for CVE-2026-24061
CVE-2026-24061 — inetutils-telnetd Authentication Bypass A pr...
Exploit for CVE-2026-24061
CVE-2026-24061 Vulnerability Detection Tool ⚠️ Note: C...
SUSE CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...
CVE-2026-24137
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...