14 matches found
CVE-2026-22070
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...
CVE-2026-22070 ColorOS Assistant Path Traversal Vulnerability
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...
EUVD-2026-26354
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...
CVE-2026-22070
ColorOS Assistant is affected by a path traversal vulnerability triggered via an unauthenticated start-download channel. The root cause is an unauthenticated download initiation that can access file paths outside the intended directory, enabling potential exposure of restricted files. Affected so...
CVE-2026-22070 ColorOS Assistant Path Traversal Vulnerability
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...
lerobot Code Issue Vulnerability
LeRobot is an open-source robot programming library from Hugging Face. Versions of LeRobot prior to 0.5.1 had code vulnerabilities. These vulnerabilities stemmed from unsafe deserialization in the asynchronous inference pipeline. The pickle.loads function was used to deserialize data received throug...
EUVD-2025-24171
Malicious code in bioql PyPI...
CVE-2021-31338
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device...
CVE-2024-2873
A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
CVE-2021-45912
An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...
Controlup Real-Time Agent OS Command Injection Vulnerability
Controlup Real-Time Agent is a real-time agent from Controlup USA. The Controlup Real-Time Agent suffers from a command injection vulnerability that originates from an unauthenticated named pipe channel in the Controlup Real-Time Agent, which can be exploited by an attacker to run operating syste...
CVE-2021-31338
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device...
CVE-2020-12040
Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...
libssh: Authentication Bypass due to improper message callbacks implementation
A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...