21 matches found
CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...
CVE-2026-0231
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...
Linux Distros Unpatched Vulnerability : CVE-2025-54289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions a...
EUVD-2025-32096
Malicious code in bioql PyPI...
CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
CVE-2025-54289
CVE-2025-54289 : Privilege escalation in Canonical LXD
[SECURITY] Fedora 42 Update: screen-5.0.1-4.fc42
The screen utility allows you to have multiple logins on just one terminal. Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Install the screen package if you need a screen manager that can support multiple logins...
Cisco Catalyst Center Static SSH Host Key (cisco-sa-dnac-ssh-e4uOdASj)
The version of Cisco Catalyst Center (formerly Cisco DNA Center) installed on the remote host is prior to 2.3.5.6, 2.3.6.x, or 2.3.7.x prior to 2.3.7.5. It is, therefore, affected by a vulnerability in the SSH server that could allow an unauthenticated, remote attacker to impersonate a Cisco Cataly...
CVE-2024-20350
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
CVE-2024-20350 Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, t...
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes ...
Linux: Disabled talk server
The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client, which allows initiation of talk sessions, is installed by default.
iSelect v1.4 - Local Buffer Overflow
iSelect v1.4 - Local Buffer Overflow Exploit developed using Exploit Pack v7.01 Exploit Author: Juan Sacco - http://www.exploitpack.com Program affected: iSelect Affected value: -k, --key=KEY Version: 1.4.0-2+b1 Tested and developed under: Kali Linux 2.0 x86 -...
Cross site request forgery (csrf)
The banner (aka MOTD) implementation in Cisco NX-OS 4.12E11f on Nexus 4000 devices, 5.21SV32.1 on Nexus 1000V devices, 6.02N22 on Nexus 5000 devices, 6.211 on MDS 9000 devices, 6.212 on Nexus 7000 devices, 7.03 on Nexus 9000 devices, and 7.20ZN99.67 on Nexus 3000 devices allows remote attackers to...
CVE-2014-2942
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code...
Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key
No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.or...
MyAuth3 - Blind SQL Injection
Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit is needed to dump system pwd...
CVE-2007-4632
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different...
Novell Netware client restriction bypass
Problem with profile handling under terminal session...