7991 matches found
MAL-2025-140799 Malicious code in cli-geckodriver-sirius-winston (npm)
Source: amazon-inspector a8e1410ae9b38e65f7afbdffabb2ae9666d120b7fd9146797cb25adf35a46ede This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140812 Malicious code in cli-supervisor-meissa-transform (npm)
Source: amazon-inspector 74ded4cfab8e2f8639c75038f912fc662017e8aaf4dfc60ff97515f615d09a11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-145654 Malicious code in nova-cli-cosmos-phoebe (npm)
Source: amazon-inspector 0a6b8ac52d3123426f5132fd67a06e0827677939e3a3e3f9791efae39d16a263 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-111488
Malicious code in magellan-cli-despina-xerxes npm...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-1261)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1261 advisory. Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file (CVE-2025-5601). Tenable has extracted the preceding descripti...
CVE-2025-64140
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...
CVE-2025-46364
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system...
CVE-2025-64109
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability CVE-2025-11953 in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw...
[SECURITY] Fedora 43 Update: python-typer-0.20.0-1.fc43
Typer is a library for building CLI applications that users will love using and developers will love creating. Based on Python type hints...
[SECURITY] Fedora 43 Update: fastapi-cloud-cli-0.3.1-1.fc43
Deploy and manage FastAPI Cloud apps from the command line...
[SECURITY] Fedora 43 Update: fastapi-cli-0.0.14-1.fc43
FastAPI CLI is a command line program fastapi that you can use to serve your FastAPI app, manage your FastAPI project, and more...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metadata, python-pytest-mock (SUSE-SU-2025:3744-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3744-1 advisory. This update for aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage,...
CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
CVE-2025-64109
Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...
Exploit for CVE-2025-11953
React Native CLI Command Injection Demo CVE-2025-11953 ⚠...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...