Lucene search
K

31219 matches found

OSV
OSV
added 2026/02/16 5:55 p.m.5 views

MAL-2026-921 Malicious code in cicibot-fix-message-naming (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7fb20d1d9da8ede0270346034bb6fdca56ef578e35a73b4cb0301664ab4a27ab Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.9AI score
Exploits0References1
Veracode
Veracode
added 2026/02/16 11:32 a.m.9 views

Command Injection

@signalk/set-system-time, is vulnerable to command injection. The vulnerability is due to unsafe construction of shell commands while processing navigation.datetime values via WebSocket delta messages, which allows an attacker with write access or unauthenticated access when security is disabled ...

9.9CVSS6.1AI score0.04163EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.137 views

📄 Precurio Intranet Portal 4.4 Cross Site Request Forgery / Shell Upload

Precurio Intranet Portal version 4.4 proof of concept cross site request forgery and remote shell upload exploit. ============================================================================================================================================= | Title : Precurio Intranet Portal 4.4...

5AI score
Exploits0
OSV
OSV
added 2026/02/15 11:20 p.m.6 views

MAL-2026-910 Malicious code in dns-execution-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/15 11:20 p.m.8 views

Malicious code in dns-execution-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4fc1fd65caa9c7f199fba16c9d3772c7db895ed78b29130a7ddc3347a4b34ba7 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/02/15 10:48 a.m.28 views

CVE-2025-32063 Enabling SSH server on Infotainment ECU

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...

6.8CVSS0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/15 10:48 a.m.4 views

EUVD-2025-206902

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...

6.8CVSS5.5AI score0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 10:48 a.m.29 views

CVE-2025-32063

CVE-2025-32063 describes a misconfiguration in the Bosch Infotainment ECU. During startup of a specific systemd service, developer features are activated: firewall can be disabled and an SSH server is started. Identified on Nissan Leaf ZE1 (2020). CVSSv3.1 base score 6.8 (MEDIUM) with physical ac...

6.8CVSS5.5AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/15 10:48 a.m.6 views

CVE-2025-32063

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server...

6.8CVSS5.5AI score0.00232EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

Bosch Infotainment ECU 安全漏洞

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU, which stems from improper configuration during the startup phase of a specific Systemd service. This vulnerability may lead to the...

6.8CVSS5.8AI score0.00232EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.9 views

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.5 views

CVE-2019-25318

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

8.8CVSS6.1AI score0.00291EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/02/13 6:59 p.m.238 views

Xerte Online Toolkits Arbitrary File Upload - Import Language

This module exploits an authentication bypass allowing arbitrary file upload in versions 3.14 and earlier to upload and execute a shell. Module Options msf use exploit/multi/http/xerteunauthenticatedimportlanguage msf exploitxerteunauthenticatedimportlanguage show targets ...targets... msf...

5.5AI score
Exploits0
Metasploit
Metasploit
added 2026/02/13 6:59 p.m.478 views

FreeBSD rtsold/rtsol DNSSL Command Injection

This module exploits a command injection vulnerability CVE-2025-14558 in FreeBSD's rtsol8 and rtsold8 programs. These programs do not validate the domain search list options provided in IPv6 Router Advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell...

7.2CVSS5.5AI score0.06272EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.135 views

📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

5.6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.176 views

📄 Xerte Online Toolkits 3.14 Template Import Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. Specifically, this targets /websitecode/php/import/import.php. Note: this Metasploit module results in directories being create...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.134 views

📄 Xerte Online Toolkits 3.14 Import Language Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 of and earlier to upload and execute a shell. This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score
Exploits0
OSV
OSV
added 2026/02/13 12:0 a.m.3 views

UBUNTU-CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

3.1CVSS5.8AI score0.00442EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.5 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.7)

The version of AHV installed on the remote host is prior to AHV-10.0.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.7 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function...

8.8CVSS7.1AI score0.01279EPSS
Exploits2References5
NVD
NVD
added 2026/02/12 11:16 p.m.7 views

CVE-2019-25327

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

9.8CVSS0.00453EPSS
Exploits0References3
Rows per page
Query Builder