7642 matches found

OSSF Malicious Packages · added 2025/11/24 1:47 p.m. · 5 views

Malicious code in skills-use (npm)

Source: amazon-inspector f974e3dc3206af78c8a6fd5370b73dc14d8edc1f052caa4992fdca5c5bac45ac. The package skills-use was found to contain malicious code. Source: ghsa-malware 25e55ca30592985c5f31158f8bd68d19643e2b48db1cf4578a7da6ae380ed661. Any...

AI score 6.9 · Exploits 0 · References 4
OSV · added 2025/11/24 12:36 p.m. · 2 views

MAL-2025-190666 Malicious code in @ensdomains/content-hash (npm)

Source: amazon-inspector 39aeb9f2a2d9a8ee1c57695456c8af6657d069eaee694ef7f8c128bb292bfabd. The package @ensdomains/content-hash was found to contain malicious code. Source: ghsa-malware...

AI score 6.8 · Exploits 0 · References 4
RedhatCVE · added 2025/11/21 12:31 p.m. · 4 views

CVE-2025-40604

Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.00168 · Exploits 0 · References 1
NVD · added 2025/11/20 3:17 p.m. · 3 views

CVE-2025-40604

Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

CVSS 9.8 · EPSS 0.00168 · Exploits 0 · References 1
OSV · added 2025/11/20 3:17 p.m. · 2 views

CVE-2025-40604

Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

CVSS 9.8 · AI score 6 · Exploits 0 · References 1
CVE · added 2025/11/20 12:17 p.m. · 14 views

CVE-2025-40604

CVE-2025-40604 affects SonicWall Email Security appliances. It describes a vulnerability in which the device loads root filesystem images without verifying signatures, enabling attackers with VMDK or datastore access to modify system files and achieve persistent arbitrary code execution. Pub...

CVSS 9.8 · AI score 7.7 · EPSS 0.00168 · Exploits 0 · References 1 · Affected Software 1
Vulnrichment · added 2025/11/20 12:17 p.m. · 3 views

CVE-2025-40604

Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

AI score 7.6 · EPSS 0.00168 · Exploits 0 · References 1
Cvelist · added 2025/11/20 12:17 p.m. · 6 views

CVE-2025-40604

Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

EPSS 0.00168 · Exploits 0 · References 1
Cvelist · added 2025/11/19 4:20 p.m. · 9 views

CVE-2025-34336 eGovFramework <= 4.3.1 Unauthenticated File Upload via Web Editor Image Upload Endpoints

eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the...

CVSS 6.9 · EPSS 0.00503 · Exploits 2 · References 5
RedHat Linux · added 2025/11/19 3:51 p.m. · 1 view

aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

CVSS 6.7 · AI score 5.7 · EPSS 0.00167 · Exploits 0 · References 4
Positive Technologies · added 2025/11/19 12:00 a.m. · 6 views

PT-2025-47485

Name of the Vulnerable Software and Affected Versions: eGovFramework/egovframe-common-components versions up to and including 4.3.1. Description: The software contains an unauthenticated file upload issue through the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do API endpoints. These endpoint...

CVSS 6.9 · AI score 6.9 · EPSS 0.00503 · Exploits 2 · References 10
Packet Storm News · added 2025/11/18 12:00 a.m. · 3 views

Windows Persistent Service Installer

This Metasploit module will generate and upload an executable to a remote host. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required...

AI score 7.2 · Exploits 0
OSV · added 2025/11/17 6:15 p.m. · 4 views

GHSA-7XVH-C266-CFR5 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description: Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

CVSS 4.8 · AI score 7 · EPSS 0.0019 · Exploits 0 · References 6
OSV · added 2025/11/17 1:25 a.m. · 2 views

MAL-2025-190502 Malicious code in application-phskck (npm)

Source: amazon-inspector 6943455b71ad210483f41c6aad1617346d5cf05804711e7d3c08a94cd5d35084. The package application-phskck was found to contain malicious code. Source: ghsa-malware...

AI score 6.8 · Exploits 0 · References 1
OSV · added 2025/11/17 1:25 a.m. · 4 views

MAL-2025-190507 Malicious code in integrator-2830 (npm)

Source: amazon-inspector 115be0b5028ffab5a29306a2d2d83f0f5f3dc669567f3e0615c37a1d3ebb6181. The package integrator-2830 was found to contain malicious code. Source: ghsa-malware a63fa08d4b3a438ab307f36f34faddc4f6d7f1fa928c42c3ae3318e3384748b...

AI score 6.8 · Exploits 0 · References 1
OSV · added 2025/11/14 8:50 p.m. · 1 view

GHSA-X7RP-QJ2H-GHGW Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary: Failure to Invalidate Existing Sessions After Password Change (Persistent Session / Session Invalidity Failure). Details: After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

CVSS 8.1 · AI score 6.3 · Exploits 0 · References 3
Github Security Blog · added 2025/11/14 8:50 p.m. · 5 views

Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary: Failure to Invalidate Existing Sessions After Password Change (Persistent Session / Session Invalidity Failure). Details: After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

AI score 6.4 · Exploits 0 · References 3 · Affected Software 1
CNNVD · added 2025/11/13 12:00 a.m. · 3 views

Directus Cross-Site Scripting Vulnerability

Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus versions prior to 11.13.0, which stems from a stored cross-site scripting vulnerability in the Block Editor interface...

CVSS 5.5 · AI score 5.3 · EPSS 0.0021 · Exploits 1 · References 3
RedHat Linux · added 2025/11/12 3:08 p.m. · 3 views

kernel: pstore/ram: Check start of empty przs during init

An out-of-bounds array vulnerability exists in the Linux kernel: a missing check on the start field of a PRZ (persistent RAM zone) during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 · AI score 7.3 · EPSS 0.00147 · Exploits 0 · References 5
RedHat Linux · added 2025/11/12 1:52 p.m. · 4 views

kernel: pstore/ram: Check start of empty przs during init

An out-of-bounds array vulnerability exists in the Linux kernel: a missing check on the start field of a PRZ (persistent RAM zone) during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 · AI score 7.3 · EPSS 0.00147 · Exploits 0 · References 5