Lucene search

7833 matches found

CNNVD
added 2025/07/22 12:00 a.m., 2 views

libssh resource management error vulnerability

libssh is a C development package from the libssh organization for accessing SSH services that can execute remote commands, file transfers, and also provide a secure transport channel for remote programs. A resource management error vulnerability exists in libssh that stems from the presence of...

CVSS 3.6, AI score 7.5, EPSS 0.00181
Exploits 0, References 3
CNNVD
added 2025/07/19 12:00 a.m., 2 views

D-Link DIR-816L injection vulnerability

The D-Link DIR-816L is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816L 2.06B01 and earlier versions, which stems from the lxmldbcsystem function in the environment variable handling component failing to properly filter construct command...

CVSS 8.8, AI score 7.5, EPSS 0.05754
Exploits 1, References 6
RedhatCVE
added 2025/07/16 11:01 p.m., 11 views

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS 9.8, AI score 8.6, EPSS 0.00529
Exploits 0, References 1
OSSF Malicious Packages
added 2025/07/16 7:16 p.m., 4 views

Malicious code in python-uvicorn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d Malicious copy of uvicorn package with added healthcheck endpoint that exfiltrates application settings/env vars --- Category: MALICIOUS - The campaign has...

AI score 7
Exploits 0, References 1
OSV
added 2025/07/16 7:16 p.m., 3 views

MAL-2025-191842 Malicious code in python-uvicorn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5396386b3e45bc2cc83befa80cc1843f6d8374728a22274ffbbc124319ddc16d Malicious copy of uvicorn package with added healthcheck endpoint that exfiltrates application settings/env vars --- Category: MALICIOUS - The campaign has...

AI score 6.9
Exploits 0, References 1
CNNVD
added 2025/07/15 12:00 a.m., 3 views

Dassault Systèmes SOLIDWORKS eDrawings security vulnerability

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool for viewing, sharing, and labeling 2D/3D design files from Dassault Systèmes, France. A security vulnerability exists in Dassault Systèmes SOLIDWORKS eDrawings, which originates from the presence of uninitialized variables during the...

CVSS 7.8, AI score 6.7, EPSS 0.00161
Exploits 0, References 2
Broadcom
added 2025/07/15 12:00 a.m., 14 views

Improper Privilege Management vulnerability in Apache Kafka Client

Apache Kafka Clients are vulnerable to improper privilege management due to the use of ConfigProvider plugins that can read from disk or environment variables. This could allow an attacker to read arbitrary contents of the disk and environment variables, potentially escalating from REST API acces...

CVSS 6.5, AI score 6.9, EPSS 0.01129
Exploits 0
NVD
added 2025/07/14 11:15 p.m., 9 views

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS 9.8, EPSS 0.00529
Exploits 0, References 2
Cvelist
added 2025/07/14 10:44 p.m., 10 views

CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution

Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS 9.4, EPSS 0.00529
Exploits 0, References 2
CVE
added 2025/07/14 10:44 p.m., 32 views

CVE-2025-53825

Dokploy (PaaS) unreleased/preview deployments feature: prior to 0.24.3, unauthenticated preview deployments allow any user to execute arbitrary code and read sensitive environment variables by opening a pull request in a public repository. This is described as a remote code execution risk affecti...

CVSS 9.8, AI score 7.9, EPSS 0.00529
Exploits 0, References 2, Affected Software 1
OSV
added 2025/07/14 10:44 p.m., 5 views

CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution

Dokploy is a free, self-hostable Platform as a Service PaaS. Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...

CVSS 9.4, AI score 8.2, EPSS 0.00529
Exploits 0, References 4
OSV
added 2025/07/14 9:22 p.m., 4 views

GHSA-JV7X-XHV2-P5V2 LaRecipe is vulnerable to Server-Side Template Injection attacks

Impact Attackers could: 1. Execute arbitrary commands on the server 2. Access sensitive environment variables 3. Escalate access depending on server configuration A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection SSTI, potentiall...

CVSS 10, AI score 8, EPSS 0.09357
Exploits 0, References 5
OSV
added 2025/07/14 7:10 p.m., 5 views

MAL-2025-191811 Malicious code in paradox-pydevdeps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

AI score 7.4
Exploits 0, References 1
CNNVD
added 2025/07/14 12:00 a.m., 3 views

Dokploy security vulnerability

Dokploy is an open source software from Dokploy Open Source. A security vulnerability exists in Dokploy versions prior to 0.24.3 that stems from arbitrary code execution in the unauthenticated Preview Deployment feature, which could lead to the disclosure of sensitive environment variables...

CVSS 9.8, AI score 7.3, EPSS 0.00529
Exploits 0, References 3
OSSF Malicious Packages
added 2025/07/10 11:09 p.m., 6 views

Malicious code in gpu-free-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0846b9b18e7af4ddef44ca9cb92d5543ace58ee3f171080b1570c3f044749dec Code attempts to exfiltrate any env variable containing "key" in name. This action is triggered on multiple occasions thanks to overwriting module loading and...

AI score 7
Exploits 0, References 1
NVD
added 2025/07/10 7:15 p.m., 11 views

CVE-2025-53542

Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This issue arises due to the improper use of Node.js's execSync function with unsanitized input derived...

CVSS 7.7, EPSS 0.00672
Exploits 0, References 4
CNNVD
added 2025/07/10 12:00 a.m., 3 views

Honeywell Experion PKS security vulnerability

Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...

CVSS 7.5, AI score 6.5, EPSS 0.00362
Exploits 0, References 3
Snyk
added 2025/07/07 7:42 p.m., 4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the abusefiltercheckmatch API. An attacker can access protected variables by bypassing authorization controls. Remediation Upgrade mediawiki/abuse-filter to version 1.43 or higher. References - Fix Commit -...

CVSS 9.3, AI score 7, EPSS 0.00289
Exploits 0, References 2
Gitee
added 2025/07/07 12:11 a.m., 90 views

Exploit for Cleartext Transmission of Sensitive Information in Paloaltonetworks Cortex_Xdr_Agent

Nuclei2Snort 📖 Project overview: Nuclei2Snort is an efficient automation tool for batch-converting Nuclei POC (Proof of Concept) templates into Snort IDS/IPS rules. It helps security researchers and operations teams quickly turn Nuclei vulnerability-detection templates into deployable network intrusion detection rules. ✨ Key features - 🚀 Batch conversion: supports single-file and directory-level batch conversion - 🌐 Smart translation: integrates the Tencent Cloud translation API to automatically translate English vulnerability descriptions into Chinese - 🔧 Automatic classification: identifies the vulnerability type and maps it to the corresponding Snort classification - ⚡ Concurrent processing: supports multi-threaded concurrent conversion for higher throughput - 🛡️ Secure configuration:...

CVSS 6.7, AI score 6.5, EPSS 0.00206
Exploits 3
RedhatCVE
added 2025/07/05 10:21 a.m., 7 views

CVE-2025-6587

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use th...

CVSS 5.2, AI score 6, EPSS 0.00126
Exploits 0, References 1