78 matches found
CVE-2026-58127 PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...
EUVD-2026-40845
Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...
CVE-2026-56413
CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...
PT-2026-54437
Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Command injection exists in the ms service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An...
CVE-2026-49195
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
CVE-2026-49195 Predator Connect W6x: unauthenticated Debug Service
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
CVE-2026-49195 Predator Connect W6x: unauthenticated Debug Service
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
PT-2026-44765
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated debug service is exposed on TCP port 9000. This allows a LAN-based attacker to execute arbitrary UCC commands via the '/sbin/mtk dut' binary...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435 Incorrect management of session invalidation vulnerability in Graylog Web Interface
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...
CVE-2026-1435
CVE-2026-1435 affects Graylog Web Interface 2.2.3. The root cause is improper session invalidation: a new sessionId is issued on authentication, but previously issued session identifiers remain valid. This allows use of an old session token to authenticate requests even after multiple logins by t...
EUVD-2013-7245
Malware in sbrugna...
EUVD-2023-27553
Malicious code in bioql PyPI...
EUVD-2023-27552
Malicious code in bioql PyPI...
EUVD-2023-51261
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-48704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issu...
Linux Distros Unpatched Vulnerability : CVE-2015-10141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. Wh...