Malicious code in @navify-platform/auth (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-41354 Malicious code in @navify-platform/auth (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 CVSS score: 6.9 - A vulnerability in a know...

CVE-2025-9297

A vulnerability was detected in Tenda i22 1.0.0.34687. This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...

PT-2025-34279 · Esri · Esri Portal For Arcgis Enterprise Sites

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...

TOTOLINK A7000R Certification Bypass Vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7000R suffers from an authentication bypass vulnerability that stems from formLoginAuth.htm not properly validating a login request, which can be exploited by an attacker to bypass authentication, tamper wi...

CVE-2025-9240

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVE-2025-9240 elunez eladmin info information disclosure

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

PT-2025-34145 · Elunez · Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A security flaw has been discovered in elunez eladmin up to version 2.7. This issue affects an unknown functionality of the file /auth/info. Manipulation of this functionality results in...

ELADMIN 安全漏洞

ELADMIN is a backend management system for elunez individual developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from insufficient authentication of access to the /auth/info file, which can be exploited by remote attackers to disclose information...

Linux Distros Unpatched Vulnerability : CVE-2020-14553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 5.7.30 and prior and 8.0.2...

Linux Distros Unpatched Vulnerability : CVE-2024-52946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication leve...

CVE-2025-51543

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...

CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization

A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...

Low: nginx

Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server...

CVE-2025-51506

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...

Linux Distros Unpatched Vulnerability : CVE-2017-10155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier an...

Trend Micro Apex One Multiple Vulnerabilities (KA-0020652)

According to its self-reported version, the Trend Micro application running on the remote Windows host is Apex One prior to SP1 Server Build 14081 and Agent Build 14081. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability in Trend Micro Apex One...

CVE-2025-33100

IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...