93 matches found
GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)
Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...
CVE-2026-3893
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...
PT-2026-33229
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.6 Description goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, breaking the...
OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2292 OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability February 18, 2026 CVE Number CVE-2025-61982 SUMMARY An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A...
📄 RustFly 2.0.0 Event Manipulation
The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...
ibaPDA security vulnerabilities
ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...
CVE-2026-22909
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations...
CVE-2025-54547
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...
CVE-2025-54547
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...
CVE-2025-54547
CVE-2025-54547 affects Arista DANZ Monitoring Fabric and related platforms where SSH session multiplexing (ControlMaster) is used. The issue allows SSH sessions multiplexed onto the same channel (e.g., scp/sftp) to perform file-system operations after a session timeout, under specific conditions ...
CVE-2025-54547 On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...
EUVD-2019-5008
Malware in sbrugna...
EUVD-2021-13092
Malware in sbrugna...
EUVD-2020-0279
Malware in sbrugna...
EUVD-2013-0676
Malware in sbrugna...
EUVD-2023-28503
Malicious code in bioql PyPI...
EUVD-2023-41853
Malicious code in bioql PyPI...
EUVD-2022-31218
Malicious code in bioql PyPI...
EUVD-2023-45860
Malicious code in bioql PyPI...
EUVD-2023-52442
Malicious code in bioql PyPI...