29 matches found
Security Advisory 0127
Security Advisory 0127 . CSAF PDF Date: November 18, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 18, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-8873 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSSv4.0 Base Score 8.7...
2 Polish Men Arrested for Radio Hack That Disrupted Trains
Plus: A major FBI botnet takedown, new Sandworm malware, a cyberattack on two major scientific telescopes—and more...
Remotely Stopping Polish Trains
Turns out that its easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called "radio-stop" commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those...
CVE-2022-33055
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/managetrain.php...
Online Railway Reservation system SQL注入漏洞
Sourcecodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. sourceCodester Online Railway Reservation System v1.0 is vulnerable to a SQL...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2022-0845 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2022-0845 Source advisory: OSV:GHSA-R5QJ-CVF9-P85H...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2022-0845 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2022-0845 Source advisory: OSV:PYSEC-2022-181...
anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)
pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:PYSEC-2021-874...
A Hacking Spree Against Iran Spills Out Into the Real World
Hackers have targeted the country's trains, gas stations, and airline infrastructure, as cyber conflict with Israel continues to escalate...
CVE-2021-28499
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in...
Crippling attack on Iranian trains linked to Meteor file wiper malware
By Deeba Ahmed The Meteor file wiper malware is linked to a cyberattack that took place on July 9th, 2021 on the Iranian railway system and transport ministry. This is a post from HackRead.com Read the original post: Crippling attack on Iranian trains linked to Meteor file wiper malware...
CVE-2020-24360
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in...
CVE-2019-14810
A vulnerability has been found in the implementation of the Label Distribution Protocol LDP protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service DoS attack on route updates and in turn...
On Chinese "Spy Trains"
The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is...
confirmtkt.com XSS vulnerability
Open Bug Bounty ID: OBB-616424 Description| Value ---|--- Affected Website:| confirmtkt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
fatbraintoys.com XSS vulnerability
Open Bug Bounty ID: OBB-584490 Description| Value ---|--- Affected Website:| fatbraintoys.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Spring data rest 远程代码执行(cve-2017-8046)
漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器,使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制,编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本: Spring...
model-trains-universe.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-260418 Description| Value ---|--- Affected Website:| model-trains-universe.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
confirmtkt.com XSS vulnerability
Vulnerable URL: https://www.confirmtkt.com/trains/Devthana-DVN/Pune-Junction-PUNE/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 34609 VIP website status:| Yes Check confirmtkt.co...
edreams.jp XSS vulnerability
Vulnerable URL: http://www.edreams.jp/engine/searchEngines/pickers/trainspickerint.jsp?field=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 23:05 GMT Vulnerability type:| XSS Vulnerability...