Lucene search
K

1626 matches found

Snyk
Snyk
added 2026/03/15 9:27 a.m.2 views

Command Injection

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Command Injection via the --container parameter. An attacker can...

8.8CVSS7.3AI score0.01456EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/15 9:27 a.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the --container parameter. An attacker can execute unauthorized commands by supplying specially crafted input that is not properly sanitized. Note: This is only exploitable if the attacker has shell access to the...

8.8CVSS7.2AI score0.01456EPSS
Exploits1References2
CVE
CVE
added 2026/03/11 6:23 p.m.7 views

CVE-2019-25483

The CVE-2019-25483 entry concerns the Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k device, where a restricted shell escape vulnerability allows local users to bypass command restrictions via the command substitution operator $( ). Attackers can inject arbitrary commands through $( ) when pa...

8.6CVSS6AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 9:30 a.m.7 views

EUVD-2025-208368

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

7.8CVSS5.9AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 9:31 a.m.6 views

EUVD-2026-9371

International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...

7.8CVSS6AI score0.00476EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/04 7:34 a.m.6 views

CVE-2026-28776 Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 Satellite Receiver

International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...

7.8CVSS6AI score0.00476EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22879

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX2100 Satellite Receiver affected versions not specified Description The SFX2100 Satellite Receiver has a default, easily guessable password for the user usr account. An unauthenticated remote attack...

9.2CVSS6AI score0.00486EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.6 views

PT-2026-22878

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver affected versions not specified Description The IDC SFX Series SuperFlex SatelliteReceiver includes hardcoded credentials for the monitor account. A remote,...

7.8CVSS6AI score0.00476EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2026/02/25 5:46 p.m.13 views

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 9:56 a.m.8 views

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat IRC communication protocol for command-and-control C2 purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners...

7.8CVSS6.3AI score0.21312EPSS
Exploits72
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2CVSS5.4AI score0.00198EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/03 12:45 p.m.140 views

Linux-Usermode-Exploitation-101

Linux Usermode Exploitation 101 Introduction The aim of th...

5.8AI score
Exploits0
NVD
NVD
added 2026/02/03 4:15 a.m.14 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 4:15 a.m.3 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

7.8CVSS5.8AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/29 2:28 p.m.5 views

EUVD-2020-30904

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/01/28 12:0 a.m.177 views

📄 GNU Inetutils 2.7 Telnet Authentication Bypass Scanner

GNU Inetutils version 2.7 telnet authentication bypass scanner that leverages a crafted USER value. This vulnerability is tracked as CVE-2026-24061 and is conceptually related to historical Telnet NEW-ENVIRON issues such as CVE-1999-0192, but affects modern GNU Inetutils implementations...

10CVSS5.9AI score0.98871EPSS
Exploits61
CVE
CVE
added 2026/01/27 8:59 p.m.18 views

CVE-2026-24740

CVE-2026-24740 affects Dozzle before v9.0.3, where a flaw in agent-backed shell endpoints lets a label-filtered user obtain an interactive root shell in out-of-scope containers on the same agent. A patch exists in v9.0.3; upgrade to 9.0.3+ or apply the vendor fix to remediate. Exploitation detail...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/01/27 12:55 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References2
OSV
OSV
added 2026/01/27 12:55 a.m.8 views

GHSA-M855-R557-5RC5 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

8.7CVSS5.8AI score0.00385EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/01/27 12:55 a.m.18 views

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

9.9CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder