MAL-2025-147760 Malicious code in sedna-cli-csrf-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e23e8cd40c2c78f1ec47be9e930934db34eeffed408bdcbbd9688392b70daf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-sass-cli-charon-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f32e51d72c3d0f1f895665fca468290ffd1c71c1ffefce6a9d6d60b92d1e49c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-116359

Malicious code in auth0-cygnus-farout-cli npm...

EUVD-2025-112437

Malicious code in install-europa-aquarius-cli npm...

EUVD-2025-123667

Malicious code in pino-uglify-js-uninstall-cli npm...

EUVD-2025-115315

Malicious code in cli-dagda-heka-config npm...

Malicious code in husky-cli-axios-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3e3ac914740a1f8e6ac85c3136819adc22fbba0178c57d910ad1afc930d0768 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-115290

Malicious code in cli-zephyr-pegasus-commitizen npm...

EUVD-2025-115305

Malicious code in cli-magellan-farout-regulus npm...

MAL-2025-140810 Malicious code in cli-sedna-xo-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea95c52ea49932e465b636027c985528b53c29b37dbe031de9640b0ba8b01cb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-115293

Malicious code in cli-version-standard-antares npm...

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-1261)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1261 advisory. Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Tenable has extracted the preceding descripti...

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

CVE-2025-46364

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system...

CVE-2025-64109

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

CVE-2025-46364

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system...

CVE-2025-46364

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system...

Severe React Native Flaw Exposes Developer Systems to Remote Attacks

JFrog researchers found a critical RCE vulnerability CVE-2025-11953 in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw...

[SECURITY] Fedora 43 Update: python-typer-0.20.0-1.fc43

Typer is a library for building CLI applications that users will love using a nd developers will love creating. Based on Python type hints...

[SECURITY] Fedora 43 Update: fastapi-cloud-cli-0.3.1-1.fc43

Deploy and manage FastAPI Cloud apps from the command line...