4 matches found
CVE-2026-58123
Technical details (affected version 0.51.788, exploit steps, impact) are not publicly available in the provided documents. Monitor for updates.
PYSEC-2026-407 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...
CVE-2020-10789
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...
cayman.txt
try using '' as a username without a password for cayman routers. login: Password: Terminal shell v1.0 Cayman-DSL Model 3220-H, DMT-ADSL Alcatel plus 4-port hub Running GatorSurf version 5.3.0 build R1 completed login: user level Cayman-DSLSNIP ================================== Russell Handorf...