Lucene search
+L

6 matches found

ossf
ossf
added last week10 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
osv
osv
added 2026/01/07 9:15 p.m.5 views

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

4.4CVSS5.8AI score0.00241EPSS
Exploits0References2
nvd
nvd
added 2026/01/07 9:15 p.m.7 views

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

8.8CVSS0.00241EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/07 7:56 p.m.25 views

CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

8.8CVSS0.00241EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/07 7:56 p.m.5 views

CVE-2025-61939 Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker...

8.8CVSS6.2AI score0.00241EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.10 views

PT-2026-1835

Name of the Vulnerable Software and Affected Versions MicroServer affected versions not specified Description An unused function in MicroServer can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with local network access and administrati...

8.8CVSS6.1AI score0.00241EPSS
Exploits0References8
Rows per page
Query Builder