31220 matches found
PT-2026-20536
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
PT-2026-20369
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...
PT-2026-20537
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
PT-2026-20567
Name of the Vulnerable Software and Affected Versions aquasecurity/trivy-action versions 0.31.0 through 0.33.1 Description A command injection issue exists in aquasecurity/trivy-action due to insufficient handling of action inputs when exporting environment variables. The action creates export VA...
PT-2026-23538
Name of the Vulnerable Software and Affected Versions openclaw versions prior to 2026.2.14 Description The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local...
📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload
SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...
Startup
Startup – Professional Write-up Platform: TryHackMe Tar...
CVE-2026-2618
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
CVE-2026-2618
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via cmd.exe on Windows nodes when exec allowlist or approval gating is enabled. An attacker can execute unauthorized commands by crafting input that leverages Windows...
CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...
CVE-2026-2617
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...
CVE-2026-2617 Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...
System-Exploitation-Privilege-Escalation
System Exploitation & Privilege Escalation Lab 📄 Project O...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
CLEANSTART-2026-UH39784 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
PT-2026-20549
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.16.0 Description Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the ssh-add function. This...
PT-2026-20335
Name of the Vulnerable Software and Affected Versions Beetel 777VR1 versions up to 01.00.09 Description A security issue exists in Beetel 777VR1 up to version 01.00.09, related to the Telnet Service/SSH Service component. The issue involves insecure default initialization of a resource and can be...
Beetel 777VR1 加密问题漏洞
Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09 and earlier have a security vulnerability related to encryption algorithms used by the SSH Service component...
📄 Pterodactyl Panel Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...