CVE-2026-48723

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

EUVD-2026-37017

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVE-2026-48723 BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVE-2026-48723

BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....

PT-2026-49536

Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...

Malicious code in buildkite-test-collector-cypress-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...

MAL-2026-2731 Malicious code in buildkite-test-collector-cypress-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000866)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000866 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003175 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003251)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003251 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003120 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

CVE-2020-10367

Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra" attack...

CVE-2020-10368

Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack...

CVE-2022-31363

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA010705.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: affected function is pbtransporthandlefrag. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write...

EUVD-2025-206089

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...

EUVD-2025-206080

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVE-2021-47745

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...

CVE-2021-47744

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVE-2021-47744

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains a hard-coded credentials issue in its Linux distribution, exposing remote root access via the static password 'Chameleon' over Telnet or SSH. Public sources note potential remote root compromise for affected devices; CVSS metrics in the entry indic...

CVE-2021-47744 Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...