Lucene search

7991 matches found

EUVD
added 2025/11/24 12:52 p.m., 3 views

EUVD-2025-198684

Malicious code in zapier-platform-cli npm...

6.6 AI score
Exploits 0, References 4
EUVD
added 2025/11/24 12:47 p.m., 3 views

EUVD-2025-198689

Malicious code in @asyncapi/modelina-cli npm...

6.6 AI score
Exploits 0, References 1
OSV
added 2025/11/24 12:47 p.m., 1 views

MAL-2025-190660 Malicious code in @asyncapi/modelina-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3144264289038cf791432dc902acf2aafe218ea12a11fd986f2690b63531157 The package @asyncapi/modelina-cli was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0, References 4
EUVD
added 2025/11/24 12:44 p.m., 3 views

EUVD-2025-198691

Malicious code in @asyncapi/cli npm...

6.6 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2025/11/24 12:44 p.m., 4 views

Malicious code in @asyncapi/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b13eec1644f2d38922b7e61732a64ae6ee0d71810232ff15c95a3290de465d The package @asyncapi/cli was found to contain malicious code. Source: ghsa-malware 99e5bdb2a7d429f7e01403c432963826b244c3bed02a5a877ace1307b5fee3ad...

6.9 AI score
Exploits 0, References 4
EUVD
added 2025/11/24 12:30 p.m., 3 views

EUVD-2025-198703

Malicious code in @posthog/cli npm...

6.6 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2025/11/24 12:30 p.m., 8 views

Malicious code in @posthog/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57662af8290901771cf534d8b1ca05ca88dfd84054580144d934f730549a4653 The package @posthog/cli was found to contain malicious code. Source: ghsa-malware e663c40b9060088ff86ea24eec083b9b5bf8afdec2e1963895e47e5177a673d1 A...

6.9 AI score
Exploits 0, References 4
OSV
added 2025/11/24 12:30 p.m., 1 views

MAL-2025-190671 Malicious code in @posthog/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57662af8290901771cf534d8b1ca05ca88dfd84054580144d934f730549a4653 The package @posthog/cli was found to contain malicious code. Source: ghsa-malware e663c40b9060088ff86ea24eec083b9b5bf8afdec2e1963895e47e5177a673d1 A...

6.8 AI score
Exploits 0, References 4
Rapid7 Blog
added 2025/11/21 8:52 p.m., 14 views

Metasploit Wrap-Up 11/21/2025

CVE-2025-64446 - Fortinet’s FortiWeb exploitation A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 CVSS 9.1, allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw...

9.8 CVSS, 8.2 AI score, 0.89526 EPSS
Exploits 19
RedhatCVE
added 2025/11/19 5:20 p.m., 3 views

CVE-2025-46776

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or comman...

7.8 CVSS, 7.9 AI score, 0.00139 EPSS
Exploits 0, References 1
OSV
added 2025/11/18 7:15 p.m., 4 views

CVE-2025-37163

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system...

7.2 CVSS, 6.1 AI score
Exploits 0, References 1
NVD
added 2025/11/18 5:16 p.m., 3 views

CVE-2025-61713

A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...

4.4 CVSS, 0.00099 EPSS
Exploits 0, References 1
OSV
added 2025/11/18 5:16 p.m., 3 views

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may...

7.2 CVSS, 6 AI score, 0.54376 EPSS
Exploits 8, References 2
OSV
added 2025/11/18 5:16 p.m., 3 views

CVE-2025-54821

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3...

6 CVSS, 5.8 AI score, 0.00135 EPSS
Exploits 0, References 1
NVD
added 2025/11/18 5:16 p.m., 4 views

CVE-2025-54821

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3...

6 CVSS, 0.00135 EPSS
Exploits 0, References 2
CVE
added 2025/11/18 5:1 p.m., 36 views

CVE-2025-54821

CVE-2025-54821 affects Fortinet FortiOS (versions 6.4 and 7.0–7.6.3), FortiPAM (1.0–1.6.0), and FortiProxy (7.0–7.6.3). The root cause is improper privilege management (CWE-269) that may allow an authenticated administrator to bypass the trusted-host policy via crafted CLI commands. Public source...

6 CVSS, 6.1 AI score, 0.00135 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2025/11/18 5:1 p.m., 8 views

CVE-2025-46776

Summary (CVE-2025-46776) Fortinet FortiExtender is affected by a buffer copy without input size validation, enabling an authenticated user to execute arbitrary code or commands via crafted CLI commands. Affected versions include FortiExtender 7.6.0–7.6.1, 7.4.0–7.4.6, 7.2 all versions, and 7.0 al...

7.8 CVSS, 7.6 AI score, 0.00139 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/11/18 5:1 p.m., 11 views

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may...

7.2 CVSS, 0.54376 EPSS
Exploits 8, References 1
CVE
added 2025/11/18 5:1 p.m., 422 views

CVE-2025-58034

CVE-2025-58034 — Fortinet FortiWeb OS Command Injection occurs in FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. The flaw is an OS command injection (CWE-78) allowing an authenticated attacker to execute arbitrary commands on the underlying system via crafted HTTP re...

7.2 CVSS, 6.8 AI score, 0.54376 EPSS
In wild, Exploits 8, References 2, Affected Software 1
Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47358

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.4 through 7.6.3 Fortinet FortiPAM versions 1.0 through 1.6.0 Fortinet FortiProxy versions 7.0 through 7.6.3 Description An Improper Privilege Management issue exists that may allow an authenticated administrator to...

1.9 CVSS, 6.5 AI score, 0.00135 EPSS
Exploits 0, References 4