Malicious code in bitensor-cli (PyPI)
--- -= Per source details. Do not edit below this line.=-...
PT-2025-39664
Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.9.12; Rancher Manager versions prior to 2.10.10; Rancher Manager versions prior to 2.11.6; Rancher Manager versions prior to 2.12.2. Description: Rancher Manager is susceptible to phishing attacks targeting SAML...
Malicious code in @s21games/lsx-cli (npm)
The package @s21games/lsx-cli was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1691c42513d45af11b5d79dc36ba379453cd413b244d2e7581b4f7484cca828 Any computer that has this package installed or running should be considered fully...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6...
Cisco IOS XE Software CLI Argument Injection (cisco-sa-iosxe-arg-inject-EyDDbh4e)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
graphos-cli (>=1.0.0 <=1.0.1), panshi-client (>=0.0.7 <=0.0.8) potentially affected by CVE-2025-57320 via json-schema-editor-visual (>=1.1.1 <=2.0.0)
json-schema-editor-visual NPM version =1.1.1, =1.0.0, =0.0.7, =0.0.8 Source cves: CVE-2025-57320 Source advisory: OSV:GHSA-3C3P-XH4F-PFH7...
graphos-cli (>=1.0.0 <=1.0.1), panshi-client (>=0.0.7 <=0.0.8) potentially affected by CVE-2025-57320 via json-schema-editor-visual (>=1.1.1 <=2.0.0)
json-schema-editor-visual NPM version =1.1.1, =1.0.0, =0.0.7, =0.0.8 Source cves: CVE-2025-57320 Source advisory: SNYK:JS-JSONSCHEMAEDITORVISUAL-13110010...
@orca-fe/datav-cli (>=2.8.3 <=2.9.4), datav-cli (>=0.0.1 <=2.12.3) +3 more potentially affected by CVE-2025-57348 via node-cube (>=0.0.10 <=5.0.0-beta.16)
node-cube NPM version =0.0.10, =2.8.3, =0.0.1, =1.0.2, =1.0.0, =0.0.1, =1.0.9 Source cves: CVE-2025-57348 Source advisory: OSV:GHSA-8V65-5FW5-23WJ...
CVE-2025-20338
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...
CVE-2025-20338
CVE-2025-20338 affects Cisco IOS XE Software CLI. The root cause is insufficient validation of user-supplied arguments passed to specific CLI commands, allowing an authenticated administrator (level 15) to craft CLI input that can execute arbitrary commands as root on the device. According to Cis...
Retail at risk: How one alert uncovered a persistent cyberthreat
In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...
PT-2025-39295
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software, affected versions not specified. Description: A flaw exists in the Command Line Interface (CLI) of Cisco IOS Software and Cisco IOS XE Software. A local attacker with authentication may be able to cause...
@flosum/cli (>=0.0.0 <=0.0.3), @flosum/salesforce (>=1.17.10 <=1.17.12-test.18) potentially affected by CVE-2025-9844 via @salesforce/cli (=2.100.4)
@salesforce/cli NPM version =2.100.4 is affected by a known vulnerability. The following packages have a transitive dependency on @salesforce/cli and may be impacted: - @flosum/cli =0.0.0, =1.17.10, =1.17.12-test.18 Source cves: CVE-2025-9844 Source advisory: SNYK:JS-SALESFORCECLI-13011148...
CVE-2025-9844
CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows. Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable. Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...
PT-2025-39170
Name of the Vulnerable Software and Affected Versions: Salesforce CLI versions prior to 2.106.6. Description: A flaw exists in the Salesforce CLI on Windows that allows for malicious DLL injection due to an uncontrolled search path element. This can lead to the replacement of trusted executables...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
@askinozgur/do-markdownit-cli (>=0.0.1 <=0.6.0) potentially affected by CVE-2025-59717 via @digitalocean/do-markdownit (=1.17.2)
@digitalocean/do-markdownit NPM version =1.17.2 is affected by a known vulnerability. The following packages have a transitive dependency on @digitalocean/do-markdownit and may be impacted: - @askinozgur/do-markdownit-cli =0.0.1, =0.6.0 Source cves: CVE-2025-59717 Source advisory:...