56 matches found
Astra Linux - vulnerability in libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
PT-2026-31600
Name of the Vulnerable Software and Affected Versions: Hydrosystem Control System versions prior to 9.8.5 Description: The Hydrosystem Control System does not properly enforce authorization for certain directories. This allows an unauthorized attacker to read all files within these directories and...
PT-2025-45132
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to insufficient input validation associated with specific UI features. An attacker could exploit this vulnerability by uploading a...
EUVD-2005-1307
Malware in sbrugna...
EUVD-2007-4359
Malware in sbrugna...
EUVD-2007-5050
Malware in sbrugna...
EUVD-2020-25285
Malware in sbrugna...
EUVD-2007-1927
Malware in sbrugna...
EUVD-2012-1146
Malware in sbrugna...
EUVD-2009-1499
Malware in sbrugna...
EUVD-2023-36977
Malicious code in bioql PyPI...
GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...
AVEVA PI Integrator Code Issue Vulnerability
AVEVA PI Integrator is a business analysis tool from AVEVA UK. AVEVA PI Integrator suffers from a code issue vulnerability that originates from an authenticated attacker who could upload and execute files...
PT-2025-33460 · WordPress · Bizcalendar Web
Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...
CVE-2023-31448
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...
Contao Code Issue Vulnerability
Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A code issue vulnerability exists in Contao 4.0.0 and prior versions, which originates from a backend user with file manager...
Veritas NetBackup Security Vulnerability
Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies. A security vulnerability exists in Veritas NetBackup versions prior to 8.1.2, and NetBackup versions prior to 3.1.2, which originates from a failure of the BPCD process...
Medium: containerd
Issue Overview: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to...
Malicious Package
Overview: Pathoschild.Stardew.Mod.Build.Config is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on...
Malicious Package
Overview: Kraken.Exchange is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's machine,...