CVE-2026-5535 FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVE-2026-5535

FedML-AI FedML up to 0.8.9 has a path traversal flaw in the MQTT Message Handler’s FileUtils.java triggered by manipulating the dataSet argument. The issue is remotely exploitable and an exploit has been publicly released. Affected component: MQTT Message Handler (FileUtils.java) within FedML-Fed...

PT-2026-30406

Name of the Vulnerable Software and Affected Versions FedML-AI FedML versions up to 0.8.9 Description A security flaw exists in FedML-AI FedML up to version 0.8.9, specifically within the MQTT Message Handler component. Manipulation of the dataSet argument in an unknown function of the file...

EUVD-2018-17646

Malware in sbrugna...

EUVD-2021-9140

Malicious code in bioql PyPI...

EUVD-2025-5292

Malicious code in bioql PyPI...

EUVD-2021-9141

Malicious code in bioql PyPI...

CVE-2025-24003 MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations...

CVE-2024-50694

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow...

CVE-2024-50698

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

CVE-2021-21969

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at 4 the jsonobjectgetstring to populate the ppayload global variable. The ppayload is only 0x100 bytes long, a...

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

CVE-2024-50696

SunGrow WiNet-S firmware upgrade process lacks integrity checking for updates in V200.001.00.P025 and earlier. A crafted MQTT message can trigger installation of a bogus firmware file hosted on an attacker-controlled server, potentially compromising an inverter or WiNet connectivity dongle. Affec...

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

CVE-2024-52324

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands...

CVE-2024-50694

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow...

CVE-2024-50698

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content...

CVE-2024-50695

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks...

CVE-2024-50698

CVE-2024-50698 affects SunGrow WiNet-SV200.001.00.P027 and earlier: the vulnerability is a heap-based buffer overflow caused by insufficient bounds checks on MQTT message content. This could potentially allow remote code execution on affected devices. Connected advisories corroborate a need for a...