CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

PT-2026-33229

Summary goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose or modify unrelated server files. Details The SFTP...

📄 RustFly 2.0.0 Event Manipulation

The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...

OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2025-2292 OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability February 18, 2026 CVE Number CVE-2025-61982 SUMMARY An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A...

ibaPDA security vulnerabilities

ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...

CVE-2026-22909

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations...

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

CVE-2025-54547

CVE-2025-54547 affects Arista DANZ Monitoring Fabric and related platforms where SSH session multiplexing (ControlMaster) is used. The issue allows SSH sessions multiplexed onto the same channel (e.g., scp/sftp) to perform file-system operations after a session timeout, under specific conditions ...

CVE-2025-54547 On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

EUVD-2019-5008

Malware in sbrugna...

EUVD-2020-0279

Malware in sbrugna...

EUVD-2013-0676

Malware in sbrugna...

EUVD-2021-13092

Malware in sbrugna...

EUVD-2023-45854

Malicious code in bioql PyPI...

EUVD-2023-52442

Malicious code in bioql PyPI...

EUVD-2022-31218

Malicious code in bioql PyPI...

EUVD-2023-41853

Malicious code in bioql PyPI...

EUVD-2023-28503

Malicious code in bioql PyPI...

EUVD-2023-45860

Malicious code in bioql PyPI...