CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

Siemens ROS# 安全漏洞

Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Versions of Siemens ROS prior to V2.2.2 contained security vulnerabilities. These vulnerabilities were caused by improperly cleaned user inputs, leading to path traversal attacks. Th...

CVE-2026-8153 Command injection in Dashboard Server interface

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

Environment-Grounded Multi-Agent Workflow for Autonomous Penetration Testing

The increasing complexity and interconnectivity of digital infrastructures make scalable and reliable security assessment methods essential. Robotic systems represent a particularly important class of operational technology, as modern robots are highly networked cyber-physical systems deployed in...

CVE-2026-26011

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometrymsgs/PoseWithCovarianceStamped message with extreme covariance values to...

CVE-2026-26011 Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometrymsgs/PoseWithCovarianceStamped message with extreme covariance values to...

PT-2026-7903

Name of the Vulnerable Software and Affected Versions navigation2 versions prior to 1.3.11 Description navigation2 is a ROS 2 Navigation Framework and System. A heap out-of-bounds write issue exists in Nav2 AMCL’s particle filter clustering logic. An unauthenticated attacker on the same ROS 2 DDS...

CVE-2024-41921

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

CVE-2025-41109

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

CVE-2025-41110

Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...

CVE-2025-41109

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

EUVD-2025-35338

Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...

CVE-2025-41110

CVE-2025-41110 affects Ghost Robotics Vision 60, specifically APK v0.27.2. The issue arises from an authorization flaw in the ROS 2 stack, permitting connections to the robot’s WiFi and SSH without authentication. Consequences stated across sources include data exposure and full control of the ro...

CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...

EUVD-2024-54798

Malicious code in bioql PyPI...

EUVD-2024-54800

Malicious code in bioql PyPI...

EUVD-2025-21808

Malicious code in bioql PyPI...

EUVD-2022-50908

Malicious code in bioql PyPI...