CVE-2025-13605

The CVE-2025-13605 vulnerability affects the 3onedata GW1101-1D(RS-485)-TB-P Modbus gateway (hardware version V2.2.0). An authenticated user can execute arbitrary shell commands with root privileges by supplying a payload in the IP address field of the diagnosis test tools. This issue has a CVSSv...

CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

JLSEC-2026-391

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

JLSEC-2026-430 When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

JLSEC-2026-424 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

Google Android 安全漏洞

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

Joern 4.0.532

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-36912

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1 FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'makeRequest.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the s...

PT-2026-36911

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'internet.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

PT-2026-36889

Name of the Vulnerable Software and Affected Versions Android versions 14 through 16 Description A logic error in the adbd tls verify cert function within auth.cpp of the Android Debug Bridge ADB daemon allows a bypass of wireless ADB mutual authentication. The issue stems from a type confusion...

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...

D-Link DIR-600L 信任管理问题漏洞

The D-Link DIR-600L is an entry-level wireless router from D-Link Corporation. It supports 150Mbps wireless transmission and has 4 Gigabit wired ports. There is a trust management vulnerability in the D-Link DIR-600L Hardware Revision A1. This vulnerability stems from a hard-coded telnet backdoor...

nimrc 1.0.0

nimrm is a native WinRM interactive shell client written in Nim. It's designed to be a compact and fast tool for system administration and authorized security testing. Key features include NTLM and Kerberos authentication, in-memory operations, file transfers, OPSEC awareness, and cross platform...

Astra Linux - уязвимость в golang-1.19

The command go env command is documented as outputting a shell script containing the Go environment. However, go env does not sanitize the values it outputs. Therefore, executing its output as a shell script can lead to various malicious behaviors, including executing arbitrary commands or...

Astra Linux - уязвимость в sssd

A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...