Advantech ADAM-5630 Missing Authentication for Critical Function (CVE-2024-39364)

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch...

NEC EXPRESSCLUSTER X和NEC EXPRESSCLUSTER X SingleServerSafe 安全漏洞

NEC EXPRESSCLUSTER X and NEC EXPRESSCLUSTER X SingleServerSafe are both disaster recovery software from Nippon Electric NEC. A security vulnerability exists in NEC EXPRESSCLUSTER X and NEC EXPRESSCLUSTER X SingleServerSafe that originates from an attacker's ability to send specially crafted netwo...

EUVD-2018-8952

Malware in sbrugna...

EUVD-2013-7275

Malware in sbrugna...

EUVD-2018-9621

Malware in sbrugna...

CVE-2025-36354

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...

EUVD-2025-32574

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...

PT-2025-40918

Name of the Vulnerable Software and Affected Versions IBM Security Verify Access and IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.9.0 IBM Security Verify Access and IBM Security Verify Access Docker versions 11.0.0.0 through 11.0.1.0 Description An unauthenticated user may be...

EUVD-2024-37920

Malicious code in bioql PyPI...

EUVD-2025-30798

Malicious code in bioql PyPI...

EUVD-2025-28803

Malicious code in bioql PyPI...

CVE-2025-57440

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides...

CVE-2025-57432

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication...

CVE-2025-57440

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides...

CVE-2025-57432

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication...

CVE-2025-57440

The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides...

Blackmagic Design ATEM Mini Pro 安全漏洞

Blackmagic Design ATEM Mini Pro is a live video streaming device from Blackmagic Design, USA. A security vulnerability exists in the Blackmagic Design ATEM Mini Pro version 2.7 that originates from an undocumented Telnet service accepting unauthenticated commands in clear text, which could allow ...

CVE-2025-57174

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all...

Ceragon EtherHaul series 操作系统命令注入漏洞

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3 and earlier, which stems from the use of hard-coded static AES encryption keys by the rfpiped service, which could...