(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH daemon. The...

(Pwn2Own) QNAP QHora-322 SSH Use of Weak Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default SSH credentials. The issue results from the use of the WAN M...

📄 AK-Nord USB-Server-LXL Privilege Escalation

AK-Nord USB-Server-LXL with firmware versions up to 0.0.16 Build 2023-03-13 suffer from a local privilege escalation vulnerability that achieves root. ================== Overview ================== TL;DR: Using the low-privilege "admin" user account via SSH on the IoT device "USB-Server-LXL" 1, i...

SUSE CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

GO-2025-3762 New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd

New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd...

CVE-2023-53158

A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

AZL-66020 CVE-2023-53158 affecting package rust for versions less than 1.72.0-8

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

UBUNTU-CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

dirty_sock

dirtysock: Linux Privilege Escalation via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. F...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...

fatt

This is a Python script for extracting network metadata and fingerprints from packet capture files pcap or live network traffic. The script, named "fatt," is designed for monitoring honeypots and other network forensic analysis use cases. It uses the pyshark library, a Python wrapper for tshark,...

CVE-2025-29630

Gardyn Home Kit Firmware allows a remote attacker with the corresponding ssh private key to achieve remote root access...

CVE-2025-29630

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue; there is no indication that an applicable SSH private key has ever been compromised. Notes: none...

libssh 输入验证错误漏洞

libssh is a C development package from the libssh organization for accessing SSH services, which are capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. An input validation error vulnerability exists in libssh that stems from ...

CVE-2025-29630

Summary: CVE-2025-29630 affects Gardyn 4 and enables a remote attacker who possesses the corresponding SSH private key to gain remote root access to affected devices. The vulnerability is characterized by an SSH key backdoor/backdoor-like access enabling total compromise of the device, with high ...

CVE-2025-29630

...

PT-2025-30889 · Gardyn 4 · Gardyn 4

Name of the Vulnerable Software and Affected Versions: Gardyn version 4 Description: An issue in Gardyn 4 allows a remote attacker possessing the corresponding SSH private key to gain remote root access to affected devices. Recommendations: Ensure the SSH private key is securely stored and access...

NewStart CGSL MAIN 7.02 : python-pynacl Vulnerability (NS-SA-2025-0193)

The remote NewStart CGSL host, running version MAIN 7.02, has python-pynacl packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks suc...