31220 matches found

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20536

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00638
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20369

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.8 through 2026.2.13. Description: The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.01709
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 6 views

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00653
Exploits: 1 | References: 6

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20567

Name of the Vulnerable Software and Affected Versions: aquasecurity/trivy-action versions 0.31.0 through 0.33.1. Description: A command injection issue exists in aquasecurity/trivy-action due to insufficient handling of action inputs when exporting environment variables. The action creates export VA...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.01298
Exploits: 0 | References: 9

Positive Technologies
added 2026/02/18 12:0 a.m. | 7 views

PT-2026-23538

Name of the Vulnerable Software and Affected Versions: openclaw versions prior to 2026.2.14. Description: The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00167
Exploits: 0 | References: 12

Packet Storm
added 2026/02/18 12:0 a.m. | 142 views

📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload

SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...

CVSS: 10 | AI score: 9.3 | EPSS: 0.99359
Exploits: 18

GithubExploit
added 2026/02/17 8:43 p.m. | 142 views

Startup

Startup – Professional Write-up Platform: TryHackMe Tar...

AI score: 6.8
Exploits: 0

OSV
added 2026/02/17 5:21 p.m. | 6 views

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVSS: 7.4 | AI score: 5.2 | EPSS: 0.0034
Exploits: 1 | References: 5

NVD
added 2026/02/17 5:21 p.m. | 10 views

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVSS: 7.4 | EPSS: 0.0034
Exploits: 1 | References: 5

Snyk
added 2026/02/17 4:44 p.m. | 4 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via cmd.exe on Windows nodes when exec allowlist or approval gating is enabled. An attacker can execute unauthorized commands by crafting input that leverages Windows...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00499
Exploits: 0 | References: 2

Cvelist
added 2026/02/17 4:32 p.m. | 29 views

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVSS: 6.3 | EPSS: 0.0034
Exploits: 1 | References: 5

OSV
added 2026/02/17 4:20 p.m. | 4 views

CVE-2026-2617

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.00636
Exploits: 1 | References: 6

Cvelist
added 2026/02/17 3:32 p.m. | 26 views

CVE-2026-2617 Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource

A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made publ...

CVSS: 6.3 | EPSS: 0.00636
Exploits: 1 | References: 6

GithubExploit
added 2026/02/17 12:35 p.m. | 136 views

System-Exploitation-Privilege-Escalation

System Exploitation & Privilege Escalation Lab 📄 Project O...

AI score: 5.5
Exploits: 0

RedHat Linux
added 2026/02/17 12:55 a.m. | 8 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle,...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00579
Exploits: 1 | References: 8

OSV
added 2026/02/17 12:40 a.m. | 11 views

CLEANSTART-2026-UH39784 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00579
Exploits: 1 | References: 8

Positive Technologies
added 2026/02/17 12:0 a.m. | 5 views

PT-2026-20549

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.16.0. Description: Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the ssh-add function. This...

CVSS: 9.1 | AI score: 5.3 | EPSS: 0.00447
Exploits: 3 | References: 13

Positive Technologies
added 2026/02/17 12:0 a.m. | 9 views

PT-2026-20335

Name of the Vulnerable Software and Affected Versions: Beetel 777VR1 versions up to 01.00.09. Description: A security issue exists in Beetel 777VR1 up to version 01.00.09, related to the Telnet Service/SSH Service component. The issue involves insecure default initialization of a resource and can be...

CVSS: 6.3 | AI score: 5.2 | EPSS: 0.00636
Exploits: 1 | References: 9

CNNVD
added 2026/02/17 12:0 a.m. | 5 views

Beetel 777VR1 Encryption Issue Vulnerability

Beetel 777VR1 is a router produced by the Beetel company. Beetel 777VR1 versions 01.00.09 and earlier have a security vulnerability related to the encryption algorithms used by the SSH Service component...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.0034
Exploits: 1 | References: 5

Packet Storm
added 2026/02/17 12:0 a.m. | 240 views

📄 Pterodactyl Panel Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...

CVSS: 10 | AI score: 6.5 | EPSS: 0.13105
Exploits: 28