21 matches found
Endian Firewall user parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...
CVE-2026-34813 Endian Firewall /cgi-bin/proxyuser.cgi user Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
Endian Firewall 跨站脚本漏洞
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...
EUVD-2025-30813
Malicious code in bioql PyPI...
EUVD-2025-30807
Malicious code in bioql PyPI...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
PT-2025-38730
Name of the Vulnerable Software and Affected Versions AiKaan Cloud Controller affected versions not specified Description The AiKaan Cloud Controller utilizes a single, hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
CVE-2025-57602
CVE-2025-57602 affects the AiKaan IoT management platform. The issue stems from insufficient hardening of the proxyuser account and the use of a shared, hardcoded SSH private key, which can allow remote attackers to authenticate to the cloud controller, obtain an interactive shell, and pivot to o...
PT-2025-38731
Name of the Vulnerable Software and Affected Versions AiKaan IoT management platform affected versions not specified Description The AiKaan IoT management platform suffers from inadequate hardening of the proxyuser account and utilizes a shared, hardcoded SSH private key. This combination enables...
AiKaan Cloud Controller 安全漏洞
AiKaan Cloud Controller is a monitoring platform for Internet edge devices from AiKaan India. AiKaan Cloud Controller has a security vulnerability that stems from remote endpoint access using a hard-coded SSH private key and username proxyuser, which could allow an attacker to impersonate a manag...
AiKaan IoT management platform 安全漏洞
Aikaan IoT management platform is a management platform from Aikaan India. AiKaan IoT management platform suffers from a security vulnerability that stems from insufficiently hardened proxyuser accounts and the use of a shared hard-coded SSH private key, which could lead to remote code execution,...
CVE-2025-57601
Affected software : AiKaan Cloud Controller. Vulnerability : uses a single hardcoded SSH private key and the same proxyuser for remote terminal access to all managed IoT/edge devices; when Open Remote Terminal is invoked, the static key is sent to the target device, enabling reverse SSH tunnels t...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...