Acer Wave 7 router 安全漏洞

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability allows attackers to decrypt, modify, and re-encrypt system backups, enabling persistent backdoors attacks...

Malicious code in vite-plugin-env-compat-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2512f14cad895787ebcbbf00d51ef388752104f69dcba83360b9ce44a04467f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in iv-bloomfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dowload_ebok_the_testament_of_solomon_by_king_solomon_frederick_cornwallis_conybeare_5201c (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33d6c492e4871ad2384480820ba9bbefb5a987a0675139c6358cc58e645fd95 The package dowloadebokthetestamentofsolomonbykingsolomonfrederickcornwallisconybeare5201c was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-29429

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

Malicious code in wm-plugin-wm-smart-tip-dont-embed-tooltip (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed6cae507e456c74167f9236f4f846cbbf1437a9fbcc5333e228d22073a78cc4 The package wm-plugin-wm-smart-tip-dont-embed-tooltip was found to contain malicious code. Source: ghsa-malware...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the sanitizeArchivePath function. An attacker can overwrite arbitrary files, such as shell configuration files, SSH keys, kubeconfig, or crontabs, by supplying crafted archive entries that exploit improper path...

OESA-2026-1597 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

Malicious code in tailwindcss-form-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...

CVE-2025-9909

The CVE-2025-9909 issue affects Red Hat Ansible Automation Platform Gateway route creation: improper gateway_path handling allows an attacker with admin privileges to create misleading routes (double-slash prefix) to intercept credentials, potentially enabling persistent backdoors. It is describe...

PT-2025-54839

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gateway path. A malicious or socially engineered administrator can configure a...

CVE-2025-10010

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...

EUVD-2025-208086

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...

Malicious code in strengthifys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26bf8b635060e35c2ba0f361186f8c6bb35d9a462ce69102a68bd12e55a6563a The package strengthifys was found to contain malicious code. Source: ghsa-malware 906876be89627ae4a5964998517da35bbfa92d6e427e4feed9b49bad03ac904e A...

CVE-2025-56005

An arbitrary code execution vulnerability was discovered in PLY Python Lex-Yacc. When an application uses PLY's undocumented picklefile parameter to load cached parser data, the library deserializes the pickle file without validation. If an attacker can supply or modify the pickle file being...

SUSE CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVE-2025-56005

CVE-2025-56005 affects PLY 3.11 (PyPI) and is triggered via the picklefile parameter in yacc(), which deserializes a .pkl with pickle.load() without validation. The underlying cause is unsafe deserialization, enabling remote code execution as described in multiple sources; this is not limited to ...

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...