768 matches found
CVE-2026-8072
Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...
CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board
Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...
CVE-2021-47938
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to...
CVE-2021-47938
ImpressCMS 1.4.2 suffers a remote code execution (RCE) in the autotasks admin interface. An authenticated attacker can send a crafted sat_code payload via POST to /modules/system/admin.php?fct=autotasks&op=mod, resulting in creation of an executable file that accepts arbitrary commands through GE...
CVE-2021-47938 ImpressCMS 1.4.2 Remote Code Execution via Autotasks
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to...
ImpressCMS Code Injection Vulnerability
ImpressCMS is a modular content management system (CMS) based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...
PT-2026-39513
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to...
CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2025-70083
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName i...
CVE-2025-70085
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...
Malicious code in hunim-sat-anin (npm)
Source: amazon-inspector d211e73e7570c9270fda1058c68235ad20b813efa7919c24491e41a4b6b5662e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-141480
Malicious code in hunim-sat-annin npm...
EUVD-2025-136455
Malicious code in sahur-sat-faguao npm...
EUVD-2025-136523
Malicious code in sahunim-sat-fadabitu npm...
EUVD-2025-141484
Malicious code in hunim-sat-ananafin npm...
EUVD-2025-136519
Malicious code in sahunim-sat-fadaiu npm...
EUVD-2025-136521
Malicious code in sahunim-sat-fadabiu npm...
EUVD-2025-141483
Malicious code in hunim-sat-ananfin npm...
Malicious code in hunim-sat-ananafin (npm)
Source: amazon-inspector f9ad143ee104d57fb19bc0b4ddf1f81706b5291661769418e33bf72a94beef73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sahuar-sat-faguao (npm)
Source: amazon-inspector 8d49cf69768de79d53a0087250d0af5c4a7fd0f268ce76832b91857fcea2c83e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...