886 matches found
EUVD-2017-15502
Malware in sbrugna...
EUVD-2020-3207
Malware in sbrugna...
EUVD-2021-7600
Malicious code in bioql PyPI...
EUVD-2025-4194
Malicious code in bioql PyPI...
CVE-2025-34212
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...
CVE-2025-34212
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...
CVE-2025-34212 Vasion Print (formerly PrinterLogic) Insecure Build Pipeline
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...
PT-2025-39881
Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.843 Vasion Print Application versions prior to 20.0.1923 Description The Vasion Print Virtual Appliance Host and Application have weaknesses in their CI/CD processes. The build process retrieves an unverifie...
CVE-2025-20334
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...
CVE-2025-57295
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access ca...
CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
CVE-2025-34187
Ilevia EVE X1/X5 Server (versions ≤ 4.7.18.0.eden) is affected by multiple vulnerabilities. The primary CVE (CVE-2025-34187) stems from a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts; if these scripts are writable by web-facing users or reachable...
CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
CVE-2025-10364
CVE-2025-10364 affects the Evertz SDVN 3080ipx-10G web management interface. The issue is a command-injection vulnerability in feature-transfer-export.php that allows remote unauthenticated arbitrary code execution with root privileges. The connected sources confirm the vulnerability is tied to t...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Ilevia EVE X1/X5 Server version 4.7.18.0.eden reverse rootshell exploit. A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user...
Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection
Overview SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-54857 Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CVE-2018-25115
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...
PT-2025-33278 · Kuwfi · Kuwfi 4G Ac900 Lte Router
Name of the Vulnerable Software and Affected Versions: KuWFi 4G AC900 LTE router version 1.0.13 Description: The KuWFi 4G AC900 LTE router is susceptible to command injection via the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary ...