44949 matches found
SolaX Power Pocket 安全漏洞
SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket, which stems from the lack of server certificate verification when connecting to the SolaX Cloud MQTTS server. This vulnerability could allow a...
CVE-2024-26479
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...
CVE-2024-26479
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...
CVE-2025-52436
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...
CVE-2026-2249
METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS
METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS
METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
CVE-2026-2249
METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
CVE-2026-2249
METIS DFS devices expose an unauthenticated web-based shell at /console, allowing remote command execution with daemon privileges on affected versions (
CVE-2026-2248
METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...
CVE-2026-2248 Unauthenticated Remote Root Shell Access via Web Console in METIS WIC
METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...
CVE-2026-2248
CVE-2026-2248 affects METIS WIC devices (versions
Malicious code in jsonconfig-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 883897a307b53ac17e981eac46b8d6f8c31d88fc2628c6d57c5f7f191ed84b81 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...
MAL-2026-849 Malicious code in jsonconfig-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 883897a307b53ac17e981eac46b8d6f8c31d88fc2628c6d57c5f7f191ed84b81 During installation, package installs a script that listens for remote commands and executes them. The script is also added to autostart configuration and...
CVE-2026-25807
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...
CVE-2024-26479
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...
statping-ng 安全漏洞
Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests to the command execution function, which may lead to the disclosure of...
METIS DFS 安全漏洞
METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...
CVE-2024-26479
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...
PT-2026-7653
Name of the Vulnerable Software and Affected Versions Statping-ng version 0.91.0 Description An issue exists that allows an attacker to obtain sensitive information via a crafted request to the Command execution function. The issue is present in the Command execution function. Recommendations At...