
7911 matches found

Cvelist
added 2025/12/04 9:43 p.m., 20 views

CVE-2025-12195 WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

CVSS 8.6, EPSS 0.00158
Exploits: 0, References: 1

OSV
added 2025/12/04 7:16 p.m., 2 views

AZL-71516 CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVSS 7.5, AI score 5.8, EPSS 0.00055
Exploits: 1, References: 1

OSV
added 2025/12/04 7:16 p.m., 2 views

AZL-71572 CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-23

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVSS 7.5, AI score 5.7, EPSS 0.00055
Exploits: 1, References: 1

GithubExploit
added 2025/12/04 12:22 p.m., 121 views

Exploit for CVE-2025-55182

🔍 Phoenix SCA Scanner - Universal - Version for CVE-2025-55182...

CVSS 10, AI score 7, EPSS 0.84489
Exploits: 376

CNNVD
added 2025/12/04 12:0 a.m., 2 views

WatchGuard Fireware OS Security Vulnerability

WatchGuard Fireware OS is a software from WatchGuard USA that runs on Firebox. A security vulnerability exists in WatchGuard Fireware OS versions 12.11.4 and earlier, 12.5.13 and earlier, and 2025.1.2 and earlier, which stems from an out-of-bounds write to the CLI that could lead to the execution...

CVSS 8.6, AI score 7.9, EPSS 0.00158
Exploits: 0, References: 1

Positive Technologies
added 2025/12/04 12:0 a.m., 5 views

PT-2025-49156

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.4; WatchGuard Fireware OS versions 12.5 through 12.5.13; WatchGuard Fireware OS versions 2025.1 through 2025.1.2. Description: An out-of-bounds write issue exists in the Command Line Interface (CLI)...

CVSS 9, AI score 7.6, EPSS 0.00158
Exploits: 0, References: 8

vulnersOsv
added 2025/12/03 4:39 p.m., 4 views

@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +21 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (>=19.0.0-rc.0 <=19.0.0)

react-server-dom-webpack NPM version =19.0.0-rc.0, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =0.9.1-next.19, =0.9.1-next.19, =0.9.1-next.19, =0.0.4, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250219082408, =0.0.2, =0.1.0-rc....

CVSS 10, AI score 7.1, EPSS 0.84489
Exploits: 362

OSV
added 2025/12/02 5:36 p.m., 3 views

BIT-FLUX-2022-36035 Flux CLI Workload Injection

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...

CVSS 7.8, AI score 7.2, EPSS 0.00103
Exploits: 0, References: 3

Snyk
added 2025/12/02 6:28 a.m., 2 views

Command Injection

Overview: caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Command Injection due to improper validation and sanitization of user-supplied site names and bench path inputs in the unlock command. The command constructs...

CVSS 9.8, AI score 7.9
Exploits: 0, References: 3

Snyk
added 2025/12/02 6:28 a.m., 3 views

Incorrect Default Permissions

Overview: caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access...

CVSS 6.3, AI score 6.8
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/12/02 5:31 a.m., 4 views

Malicious code in multer-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 653a6b2d3d4620d665c1de60de57e8b94bdc7e3521eb42323c38bd3f5a6c2989 The package multer-cli was found to contain malicious code. Source: ghsa-malware 09308572c706ad725ba1ffe9eba38c5dafc921c2b48e5f8c14e2a2374839e0e5 Any...

AI score 6.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/01 4:16 p.m., 8 views

Malicious code in mongodb-atlas-cli-toc-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b43eaf31369a3ecfac60651fb3c08bc314680fd9b476179d902bbfee64b0d62 The package mongodb-atlas-cli-toc-generator was found to contain malicious code...

AI score 7
Exploits: 0

Snyk
added 2025/11/27 3:49 p.m., 1 view

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

vulnersOsv
added 2025/11/27 3:49 p.m., 3 views

@medusajs/inventory (>=1.1.0-20230320210331 <=1.1.0-snapshot-20230320172940), @medusajs/medusa-oas-cli (>=0.2.0-20230320210331 <=2.11.4-preview-20251124000311) +2 more potentially affected by unknown CVE via @medusajs/medusa (>=2.0.0-next-20230310121604 <=2.11.4-preview-20251124000311)

@medusajs/medusa NPM version =2.0.0-next-20230310121604, =1.1.0-20230320210331, =0.2.0-20230320210331, =0.0.6, =0.0.2, =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-MEDUSAJSMEDUSA-14137960...

AI score 5.8
Exploits: 0

Snyk
added 2025/11/27 3:49 p.m., 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 3

Fedora
added 2025/11/27 1:13 a.m., 4 views

[SECURITY] Fedora 41 Update: docker-buildx-0.30.1-1.fc41

Docker CLI plugin for extended build capabilities with BuildKit...

CVSS 7.5, AI score 6.8, EPSS 0.00042
Exploits: 0

vulnersOsv
added 2025/11/26 2:42 a.m., 3 views

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1669 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)

valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.1.1-beta.1, =4.0.2-beta.0, =9.0.0-beta-bump-wagmi-viem.2 and more Source cves: CVE-2025-66020 Source advisory:...

CVSS 7.5, AI score 5.8, EPSS 0.00108
Exploits: 0

Fedora
added 2025/11/26 1:6 a.m., 4 views

[SECURITY] Fedora 42 Update: docker-buildx-0.30.1-1.fc42

Docker CLI plugin for extended build capabilities with BuildKit...

CVSS 7.5, AI score 6.8, EPSS 0.00042
Exploits: 0

Fedora
added 2025/11/26 12:52 a.m., 3 views

[SECURITY] Fedora 43 Update: docker-buildx-0.30.1-1.fc43

Docker CLI plugin for extended build capabilities with BuildKit...

CVSS 7.5, AI score 6.8, EPSS 0.00042
Exploits: 0

vulnersOsv
added 2025/11/25 2:20 p.m., 3 views

@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)

body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...

CVSS 6.9, AI score 5.8, EPSS 0.00035
Exploits: 0