6341 matches found

CNNVD
added 2025/12/11 12:0 a.m. | 3 views

WBCE CMS Code Issue Vulnerability

WBCE CMS is a PHP and MySQL based open source content management system (CMS) from WBCE CMS Open Source. A code issue vulnerability exists in WBCE CMS version 1.6.3 and prior versions, which stems from allowing administrators to upload malicious modules that could lead to remote code execution...

8.8 CVSS | 7.8 AI score | 0.00765 EPSS
Exploits: 1 | References: 6
CVE
added 2025/12/11 12:0 a.m. | 10 views

CVE-2025-56113

CVE-2025-56113 affects Ruijie RG-YST EST and YSTAP 3.0(1)B11P280YST250F, with the vulnerable component being the pwdmodify function in /usr/lib/lua/luci/modules/common.lua. The root cause is an OS Command Injection vulnerability triggered by a crafted POST request to pwdmodify, allowing an attack...

8.8 CVSS | 7.5 AI score | 0.01451 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/12/11 12:0 a.m. | 3 views

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

7.5 AI score | 0.01725 EPSS
Exploits: 0 | References: 3
CVE
added 2025/12/11 12:0 a.m. | 19 views

CVE-2025-56096

CVE-2025-56096 affects Ruijie RG-BCR600W devices. The issue is an OS Command Injection in the restart_modules function of /usr/lib/lua/luci/controller/admin/common.lua, exploitable via a crafted POST request. Supported by multiple sources (NVD, Red Hat, ENISA/EUVD, CNNVD, CVE listings). Base metr...

8.8 CVSS | 7.5 AI score | 0.01725 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2025/12/11 12:0 a.m. | 18 views

CVE-2025-56108

CVE-2025-56108 affects Ruijie X30-PRO (X30-PRO-V1_09241521). An OS command injection via a crafted POST to /usr/lib/lua/luci/modules/common.lua pwdmodify allows arbitrary command execution. Root cause: improper handling in the pwdmodify function. Impact: high (remote command execution with networ...

8.8 CVSS | 7.5 AI score | 0.02324 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2025/12/11 12:0 a.m. | 15 views

CVE-2025-56099

CVE-2025-56099 affects Ruijie RG-YST AP with firmware 3.0(1)B11P280YST250F. The issue is an OS Command Injection in the pwdmodify handler located at /usr/lib/lua/luci/modules/common.lua, triggered by a crafted POST request. The vulnerability allows an attacker to execute arbitrary commands with l...

8.8 CVSS | 7.5 AI score | 0.01451 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/12/11 12:0 a.m. | 5 views

PT-2025-50666

Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR600W (affected versions not specified). Description: An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

8.8 CVSS | 7.2 AI score | 0.01725 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2025/12/10 8:19 p.m. | 5 views

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS | 6.6 AI score | 0.00168 EPSS
Exploits: 0 | References: 1
Snyk
added 2025/12/10 1:58 a.m. | 1 views

Malicious Package

Overview: modules-runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2
EUVD
added 2025/12/10 1:58 a.m. | 4 views

EUVD-2025-202361

Malicious code in modules-runtime npm...

6.6 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/12/10 1:58 a.m. | 6 views

Malicious code in modules-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e707f153606cc933eafdfa4c883bf1092791f4fe0e80278d963dda8dd5291a46 The package modules-runtime was found to contain malicious code. Source: ghsa-malware e0c351f7e54009deb9f1a8fa206a6cc720b4a472a7b969018b50ae235fcac91...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/10 1:58 a.m. | 3 views

MAL-2025-192413 Malicious code in modules-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e707f153606cc933eafdfa4c883bf1092791f4fe0e80278d963dda8dd5291a46 The package modules-runtime was found to contain malicious code. Source: ghsa-malware e0c351f7e54009deb9f1a8fa206a6cc720b4a472a7b969018b50ae235fcac91...

6.8 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/04 11:3 a.m. | 12 views

USN-7909-2 linux-intel-iot-realtime, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

7.8 CVSS | 6.5 AI score | 0.0037 EPSS
Exploits: 3 | References: 179
CNNVD
added 2025/12/03 12:0 a.m. | 9 views

Meta React Server Components Security Vulnerability

React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...

10 CVSS | 8.3 AI score | 0.99562 EPSS
Exploits: 372 | References: 5
OSV
added 2025/12/02 5:25 p.m. | 4 views

CVE-2025-64750 Singularity ineffectively applies selinux / apparmor LSM process labels

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

4.5 CVSS | 6.6 AI score | 0.00131 EPSS
Exploits: 0 | References: 8
NVD
added 2025/12/01 6:16 p.m. | 8 views

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS | 0.00168 EPSS
Exploits: 0 | References: 2
CVE
added 2025/12/01 6:2 p.m. | 24 views

CVE-2025-13653

In the provided connected documents, CVE-2025-13653 affects Search Guard FLX versions 3.1.0 through 4.0.0 when enterprise modules are disabled. The issue allows authenticated users to issue specially crafted requests to read documents from data streams without the required privileges, leading to ...

4.3 CVSS | 6.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/12/01 6:2 p.m. | 7 views

CVE-2025-13653 Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS | 0.00168 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/01 6:2 p.m. | 5 views

CVE-2025-13653 Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS | 6.2 AI score | 0.00168 EPSS
Exploits: 0 | References: 2
Gitee
added 2025/11/27 11:48 a.m. | 169 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...

8.6 AI score
Exploits: 0