30913 matches found
Startup
Startup – Professional Write-up Platform: TryHackMe Tar...
CVE-2026-2618
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
CVE-2026-2618
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via cmd.exe on Windows nodes when exec allowlist or approval gating is enabled. An attacker can execute unauthorized commands by crafting input that leverages Windows...
CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
CVE-2026-2617
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...
CVE-2026-2617 Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...
System-Exploitation-Privilege-Escalation
System Exploitation & Privilege Escalation Lab 📄 Project O...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
CLEANSTART-2026-UH39784 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
PT-2026-20549
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.16.0 Description Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the ssh-add function. This...
PT-2026-20335
Name of the Vulnerable Software and Affected Versions Beetel 777VR1 versions up to 01.00.09 Description A security issue exists in Beetel 777VR1 up to version 01.00.09, related to the Telnet Service/SSH Service component. The issue involves insecure default initialization of a resource and can be...
Beetel 777VR1 加密问题漏洞
Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09 and earlier have a security vulnerability related to encryption algorithms used by the SSH Service component...
📄 Pterodactyl Panel Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...
Wireshark: NULL Pointer Dereference in Wireshark
A flaw was found in Wireshark’s SSH dissector, caused by a missing NULL check in key exchange parameter handling. This vulnerability can trigger a segmentation fault when processing malformed SSH traffic or crafted capture files, potentially causing the application to crash and resulting in a...
Malicious code in cicibot-fix-message-naming (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fb20d1d9da8ede0270346034bb6fdca56ef578e35a73b4cb0301664ab4a27ab Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-921 Malicious code in cicibot-fix-message-naming (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7fb20d1d9da8ede0270346034bb6fdca56ef578e35a73b4cb0301664ab4a27ab Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Command Injection
@signalk/set-system-time, is vulnerable to command injection. The vulnerability is due to unsafe construction of shell commands while processing navigation.datetime values via WebSocket delta messages, which allows an attacker with write access or unauthenticated access when security is disabled ...
📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload
Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. ============================================================================================================================================= | Title : Precurio Intranet Portal 4.4...
Malicious code in dns-execution-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...