Nik Tsytsarkin

3 exploits Active since Nov 2025
CVE-2025-13913 WRITEUP MEDIUM WRITEUP
Inductive Automation Ignition - Info Disclosure
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.
CVSS 6.3
CVE-2025-13084 WRITEUP HIGH WRITEUP
Groov View API - Info Disclosure
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.
CVSS 7.6
CVE-2025-13087 WRITEUP MEDIUM WRITEUP
Opto22 Groov Manage REST API - RCE
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
CVSS 6.2