CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...

CVE-2023-54344

The vulnerability CVE-2023-54344 affects Eclipse Equinox OSGi 3.7.2 and earlier. The issue resides in the OSGi console interface, where an unauthenticated attacker can send payloads to the console port—specifically base64-encoded bash commands wrapped in fork directives—to achieve remote code exe...

CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

CVE-2023-54342

CVE-2023-54342 affects Eclipse Equinox OSGi versions 3.8–3.18. It is a remote code execution vulnerability in the OSGi console interface that allows unauthenticated attackers to execute arbitrary Java code by abusing the fork command. Exploitation involves establishing a telnet connection to the ...

web-app-attacks-avengers

web-app-attacks-avengers Ataque a aplicación web: SQL Injectio...

Cisco Secure Email Gateway Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Secure Email Gateway is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Secure Email Gateway due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...

PT-2026-36998

Name of the Vulnerable Software and Affected Versions Eclipse Equinox OSGi versions 3.8 through 3.18 Description A remote code execution flaw exists in the console interface. Unauthenticated attackers can execute arbitrary code by exploiting the fork command functionality. This is achieved by...

📄 Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

Crestron Touchpanels 参数注入漏洞

Crestron Touchpanels are a series of intelligent network touchscreen devices developed by Crestron Corporation in the United States. These devices are used for scheduling in enterprise meeting rooms, controlling audio-visual systems, and automating smart buildings. Crestron Touchpanels have a...

Joern 4.0.533

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

PT-2026-37273

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...

Cisco Prime Infrastructure Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Prime Infrastructure is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Prime Infrastructure due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...

CVE-2026-31196

The vulnerability CVE-2026-31196 affects ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway. The traceroute diagnostic handler (/bin/httpd_clientside) unsafely inserts user-supplied destAddr input into a system() call, enabling authenticated remote attackers to execute arbitrar...