Lucene search

31222 matches found

CNNVD
added 2026/02/10 12:0 a.m., 6 views

libssh Security Vulnerability

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from an overflow in...

CVSS 8.2, AI score 6.6, EPSS 0.00582
Exploits 0, References 8
NVD
added 2026/02/09 10:16 p.m., 4 views

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVSS 8.8, EPSS 0.0064
Exploits 2, References 3
OSV
added 2026/02/09 9:46 p.m., 6 views

CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVSS 8.8, AI score 6, EPSS 0.0064
Exploits 2, References 5
ATTACKERKB
added 2026/02/09 9:46 p.m., 5 views

CVE-2026-25807

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVSS 8.8, AI score 6, EPSS 0.0064
Exploits 2, References 4, Affected Software 1
Cvelist
added 2026/02/09 9:46 p.m., 27 views

CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVSS 8.8, EPSS 0.0064
Exploits 2, References 3
CVE
added 2026/02/09 9:46 p.m., 19 views

CVE-2026-25807

CVE-2026-25807 affects ZAI Shell before version 9.0.3, where the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without authentication. A remote attacker can connect to a ZAI-Shell P2P session running in --no-ai mode and send arbitrary system commands. If the host user...

CVSS 8.8, AI score 6, EPSS 0.0064
Exploits 2, References 3, Affected Software 1
Vulnrichment
added 2026/02/09 9:46 p.m., 5 views

CVE-2026-25807 Unauthenticated Remote Code Execution via P2P Sharing in ZAI-Shell

ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature share start opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple...

CVSS 8.8, AI score 6, EPSS 0.0064
Exploits 2, References 3
Vulnrichment
added 2026/02/09 9:29 p.m., 4 views

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVSS 5.9, AI score 5.6, EPSS 0.00132
Exploits 0, References 3
NVD
added 2026/02/09 2:16 p.m., 6 views

CVE-2025-10465

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

CVSS 8.8, EPSS 0.00389
Exploits 0, References 2
CVE
added 2026/02/09 12:57 p.m., 11 views

CVE-2025-10465

CVE-2025-10465 concerns an unrestricted upload of a dangerous file type in Birtech Information Technologies’ Sensaway web application, allowing an attacker to upload a Web Shell to the web server. The vulnerability affects Sensaway up to version 09022026. The entry notes an unreleased vendor resp...

CVSS 8.8, AI score 5.5, EPSS 0.00389
Exploits 0, References 2
Cvelist
added 2026/02/09 12:57 p.m., 29 views

CVE-2025-10465 Unrestricted File Upload in Birtech Information Technologies' Sensaway

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

CVSS 8.8, EPSS 0.00389
Exploits 0, References 2
Vulnrichment
added 2026/02/09 12:57 p.m., 5 views

CVE-2025-10465 Unrestricted File Upload in Birtech Information Technologies' Sensaway

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

CVSS 8.8, AI score 5.5, EPSS 0.00389
Exploits 0, References 2
ATTACKERKB
added 2026/02/09 12:57 p.m., 5 views

CVE-2025-10465

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

CVSS 8.8, AI score 5.5, EPSS 0.00389
Exploits 0, References 3
Veracode
added 2026/02/09 9:38 a.m., 7 views

OS Command Injection

clawdbot is vulnerable to an OS command injection. The vulnerability is due to improper escaping and validation of user-supplied input in SSH-related functions, which allows an attacker to inject malicious command strings via the project root path or crafted SSH target arguments, leading to...

CVSS 7.7, AI score 6.1, EPSS 0.00935
Exploits 1, References 3, Affected Software 1
GithubExploit
added 2026/02/09 8:40 a.m., 134 views

Exploit for CVE-2026-2256

CVE-2026-2256 PoC Executive Summary A critical command in...

AI score 6.5, EPSS 0.01611
Exploits 2
The Hacker News
added 2026/02/09 8:37 a.m., 12 views

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...

CVSS 10, AI score 6.2, EPSS 0.99621
Exploits 429
GithubExploit
added 2026/02/09 8:1 a.m., 287 views

Exploit for Incorrect Authorization in Suse Pam-Config

CVE-2025-6018 + CVE-2025-6019 Exploit Linux Local Privilege...

CVSS 7.8, AI score 7.3, EPSS 0.00957
Exploits 19
CVE
added 2026/02/09 5:39 a.m., 16 views

CVE-2026-22613

The CVE-2026-22613 entry pertains to Eaton Network M3 firmware upgrades via command shell, where the server identity check during upgrade is insecure, enabling potential MITM. Affected component: firmware upgrade mechanism; root cause: insecure server identity verification in upgrade flow. Impact...

CVSS 5.7, AI score 5.4, EPSS 0.00154
Exploits 0, References 1
Positive Technologies
added 2026/02/09 12:0 a.m., 8 views

PT-2026-7112

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 8.8, AI score 5.5, EPSS 0.00389
Exploits 0, References 2
Positive Technologies
added 2026/02/09 12:0 a.m., 11 views

PT-2026-7071

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...

CVSS 5.7, AI score 5.5, EPSS 0.00154
Exploits 0, References 2