2249 matches found
PT-2025-37052
Name of the Vulnerable Software and Affected Versions: 1panel version 2.0.8. Description: An OS Command injection issue exists in the OperateSSH function within 1panel. Attackers can execute arbitrary commands by manipulating the operation parameter of the /api/v2/hosts/ssh/operate API endpoint...
Linux Distros Unpatched Vulnerability : CVE-2024-39223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in an SSH session...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-9997
CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...
CVE-2025-9996
CVE-2025-9996 describes an OS command injection in Schneider Electric’s BLMon Console used in Saitel DR/DP remote terminal units. The root cause is improper neutralization of special elements in an OS command, enabling execution of arbitrary shell commands when netstat is run in an SSH session. T...
Vulnerabilities fixed in Schneider Electric Saitel
Schneider Electric has fixed vulnerabilities in Saitel components. The vulnerabilities are in how the BLMon Console handles special elements in operating system commands during SSH sessions. A malicious party could exploit these vulnerabilities to execute unauthorized shell commands, which could...
PT-2025-36978
Name of the Vulnerable Software and Affected Versions: BLMon Console (affected versions not specified). Description: An OS Command Injection issue exists due to improper neutralization of special elements used in an OS command. This could allow for the execution of arbitrary shell commands when...
libssh security vulnerability
libssh is a C development package from the libssh organization for accessing SSH services, which is capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. A security vulnerability exists in libssh that stems from memory not being...
GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...
PT-2025-36651
Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...
Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp
CVE-2025-32433 - Erlang/OTP SSH RCE PoC...
CVE-2025-35451
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be...
PT-2025-36260
Name of the Vulnerable Software and Affected Versions: PTZOptics and ValueHD-based pan-tilt-zoom cameras (affected versions not specified). Description: PTZOptics and ValueHD-based pan-tilt-zoom cameras utilize hard-coded, default administrative credentials. These credentials can be easily...
CVE-2025-52548
E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...
CVE-2025-58355
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
Soft Serve path traversal vulnerability
Soft Serve is a self-hostable command-line Git server from Charm Open Source. A path traversal vulnerability exists in Soft Serve 0.9.1 and earlier versions, which stems from an SSH API that allows an attacker to create or overwrite arbitrary files...