Lucene search
K

300 matches found

Veracode
Veracode
added 2025/08/17 5:49 p.m.6 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper output neutralization for logs because malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...

8.1AI score
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in test-mlw2-gabby-cache-train-goons (npm)

The package test-mlw2-gabby-cache-train-goons was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-35383 Malicious code in test-mlw2-gabby-cache-train-goons (npm)

The package test-mlw2-gabby-cache-train-goons was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-27036 Malicious code in myyntikone-cal-traintypes (npm)

The package myyntikone-cal-traintypes was found to contain malicious code...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/08/01 12:0 a.m.8 views

The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols allows a attacker to trigger a service failure.

The vulnerability of the BCH Handler component in the End-of-Train and Head-of-Train protocols relates to the bypassing of authentication processes. Exploiting this vulnerability can allow a malicious actor to cause service failures...

9.4CVSS8AI score0.0053EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/31 2:4 p.m.4 views

Improper Output Neutralization for Logs

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the train method. An attacker can execute arbitrary system commands by injecting malicious input into parameters that a...

5.9CVSS7.5AI score0.01177EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/07/19 10:30 a.m.1 views

China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/16 4:57 p.m.4 views

Hacking Trains

Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/07/14 10:34 a.m.4 views

Man Gets Suspended Sentence for Hate-Fueled UK Train Stations WiFi Hack

British citizen John Wik sentenced for Islamophobic WiFi hack at UK train stations in Sept 2024. Learn about…...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2025/07/10 10:59 p.m.11 views

CVE-2025-1727 End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication

The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...

8.1CVSS0.0053EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/10 10:59 p.m.3 views

CVE-2025-1727 End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication

The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...

8.1CVSS7.5AI score0.0053EPSS
Exploits0References1
CVE
CVE
added 2025/07/10 10:59 p.m.80 views

CVE-2025-1727

CVE-2025-1727 describes a weakness in the End-of-Train/Head-of-Train (EoT/HoT) remote linking protocol that relies on a BCH checksum. The Red Hat entry and other sources mirror the NVD description: an attacker with appropriate access could craft EoT/HoT packets (via software‑defined radio) and is...

8.1CVSS6.9AI score0.0053EPSS
Exploits0References1
CISA
CISA
added 2025/07/10 12:0 p.m.4 views

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...

7.1AI score
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-29125

Name of the Vulnerable Software and Affected Versions End-of-Train EoT and Head-of-Train HoT devices affected versions not specified Description A critical vulnerability exists in the remote linking protocol used for End-of-Train EoT and Head-of-Train HoT devices, which rely on a BCH checksum for...

9.4CVSS8.8AI score0.0053EPSS
Exploits0References27
RedhatCVE
RedhatCVE
added 2025/05/23 11:57 a.m.14 views

CVE-2025-0529

A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. Attacking locally is a requirement. The...

7.8CVSS7AI score0.00355EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 a.m.8 views

CVE-2022-43079

A cross-site scripting XSS vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

6.1CVSS5.8AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 a.m.5 views

CVE-2022-42992

Multiple stored cross-site scripting XSS vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...

5.4CVSS5.9AI score0.00447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.6 views

CVE-2022-3774

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...

9.1CVSS7AI score0.01134EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/30 9:16 p.m.23 views

CVE-2025-4038

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...

5.5CVSS7.1AI score0.0026EPSS
Exploits1References1
NVD
NVD
added 2025/04/28 9:15 p.m.15 views

CVE-2025-4038

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...

5.5CVSS0.0026EPSS
Exploits1References5
Rows per page
Query Builder