94 matches found
[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
Exploit for CVE-2026-29000
HackTheBox — Principal Difficulty: Medium OS: Linux...
[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
Veeam Backup and Replication 13.x < 13.0.1.2067 Multiple Vulnerabilities (KB4738 / KB4831)
The version of Veeam Backup and Replication installed on the remote Windows host is prior to 13.0.1.2067. It is, therefore, affected by multiple vulnerabilities: - A vulnerability allowing an authenticated domain user to perform remote code execution RCE on the Backup Server. CVE-2026-21669 - A...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-21670
Veeam Backup & Replication versions prior to 13.0.1.2067 are affected by CVE-2026-21670, enabling a low-privileged user to extract saved SSH credentials. The issue is documented in the Veeam KB (KB4831) and is listed with a CVSS v3.1 score of 7.7 (High). Affected deployment types include Windows-...
Veeam Backup And Replication 安全漏洞
Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. Veeam Backup and Replication has a security vulnerability that stems from allowing low-privilege users to extract stored SSH credentials...
Malicious code in remjsonparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...
Directory Traversal
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended locations ...
TTY PLUS MTPuTTY security vulnerabilities
TTY PLUS MTPuTTY is a Shell management tool developed by TTY PLUS Corporation. Version 1.0.1.21 of TTY PLUS MTPuTTY contains a security vulnerability. This vulnerability stems from the Windows PowerShell process list potentially exposing SSH connection passwords, leading to the leakage of sensiti...
CVE-2018-25138
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
CVE-2025-67511
Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...
EUVD-2025-202335
Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...
CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...
CVE-2025-45378
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials...
CVE-2025-41110
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...
EUVD-2025-35338
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...
Ghost Robotics Vision 60 授权问题漏洞
Ghost Robotics Vision 60 is a quadrupedal ground robot from Ghost Robotics, USA. Ghost Robotics Vision 60 version v0.27.2 suffers from an authorization issue vulnerability that stems from WiFi and SSH credential disclosure, which could lead to an attacker connecting to the robot's WiFi and SSH to...