300 matches found
Remote Code Execution (RCE)
ms-swift is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper output neutralization for logs because malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...
Malicious code in test-mlw2-gabby-cache-train-goons (npm)
The package test-mlw2-gabby-cache-train-goons was found to contain malicious code...
MAL-2025-35383 Malicious code in test-mlw2-gabby-cache-train-goons (npm)
The package test-mlw2-gabby-cache-train-goons was found to contain malicious code...
MAL-2025-27036 Malicious code in myyntikone-cal-traintypes (npm)
The package myyntikone-cal-traintypes was found to contain malicious code...
The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols allows a attacker to trigger a service failure.
The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols relates to the bypassing of authentication processes. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Improper Output Neutralization for Logs
Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the train method. An attacker can execute arbitrary system commands by injecting malicious input into parameters that a...
China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year
Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more...
Hacking Trains
Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...
Man Gets Suspended Sentence for Hate-Fueled UK Train Stations WiFi Hack
British citizen John Wik sentenced for Islamophobic WiFi hack at UK train stations in Sept 2024. Learn about…...
CVE-2025-1727 End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication
The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...
CVE-2025-1727 End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication
The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...
CVE-2025-1727
CVE-2025-1727 describes a weakness in the End-of-Train/Head-of-Train (EoT/HoT) remote linking protocol that relies on a BCH checksum. The Red Hat entry and other sources mirror the NVD description: an attacker with appropriate access could craft EoT/HoT packets (via software‑defined radio) and is...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...
PT-2025-29125
Name of the Vulnerable Software and Affected Versions End-of-Train EoT and Head-of-Train HoT devices affected versions not specified Description A critical vulnerability exists in the remote linking protocol used for End-of-Train EoT and Head-of-Train HoT devices, which rely on a BCH checksum for...
CVE-2025-0529
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. Attacking locally is a requirement. The...
CVE-2022-43079
A cross-site scripting XSS vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
CVE-2022-42992
Multiple stored cross-site scripting XSS vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...
CVE-2022-3774
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...
CVE-2025-4038
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...
CVE-2025-4038
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...