7993 matches found

vulnersOsv
added 2025/09/17 9:30 p.m. | 6 views

@adobe/aio-cli (>=7.0.0 <=8.3.0), @adobe/aio-cli-plugin-app (>=7.0.0 <=8.6.1) +31 more potentially affected by CVE-2025-56648 via @parcel/reporter-dev-server (>=2.0.0-beta.1 <=2.16.3)

@parcel/reporter-dev-server NPM version =2.0.0-beta.1, =7.0.0, =7.0.0, =1.0.0, =5.0.0, =2.3.0, =3.3.6, =2.1.0, =1.0.0-alpha.27, =2.0.0, =2.0.0, =0.0.2, =0.0.2, =2.0.0-beta.1, =2.13.4-canary.3389, =2.13.4-canary.3403 and more Source cves: CVE-2025-56648 Source advisory: OSV:GHSA-QM9P-F9J5-W83W...

CVSS 6.5 | AI score 5.4 | EPSS 0.00222
Exploits: 1
Veracode
added 2025/09/17 2:50 p.m. | 4 views

Privilege Escalation

langflow is vulnerable to privilege escalation. The vulnerability is due to improper access control in Langflow containers, where an authenticated user with RCE access can invoke the internal langflow superuser CLI command to create an administrative account, which allows an attacker to gain full...

CVSS 8.8 | AI score 7.3 | EPSS 0.00433
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2025/09/16 10:20 p.m. | 9 views

CVE-2025-37130 Unrestricted Binary allows File Enumeration in Underlying Operating System

A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system...

CVSS 6.5 | EPSS 0.00296
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/16 10:17 p.m. | 2 views

CVE-2025-37131 Authenticated Arbitrary File Read allows Data Exposure in CLI Interface

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...

CVSS 4.9 | AI score 6.3 | EPSS 0.003
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/09/16 5:5 p.m. | 4 views

Malicious code in tvi-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f78946397af9b739b00884d97f406ea16405f5558af770d05400083fd26e7061 Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSSF Malicious Packages
added 2025/09/16 5:5 p.m. | 2 views

Malicious code in mstate-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11586d24fddd11300bc40be887923b1983656f46ab1e3d4b282e5b2528b6762a Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSSF Malicious Packages
added 2025/09/16 5:5 p.m. | 3 views

Malicious code in mobioffice-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e47d63322a273b9488645ea45f6c3b3a604a03c1be32e296fc5a6d20642df57e Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSV
added 2025/09/16 5:5 p.m. | 1 view

MAL-2025-47404 Malicious code in mobioffice-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e47d63322a273b9488645ea45f6c3b3a604a03c1be32e296fc5a6d20642df57e Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSV
added 2025/09/16 5:5 p.m. | 2 views

MAL-2025-47329 Malicious code in mstate-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11586d24fddd11300bc40be887923b1983656f46ab1e3d4b282e5b2528b6762a Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSV
added 2025/09/16 5:5 p.m. | 3 views

MAL-2025-47357 Malicious code in tvi-cli (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f78946397af9b739b00884d97f406ea16405f5558af770d05400083fd26e7061 Any computer that has this package installed or running should be considered fully compromised. All...

AI score 7.1
Exploits: 0 | References: 6
OSSF Malicious Packages
added 2025/09/16 5:19 a.m. | 2 views

Malicious code in sensay-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cb7ee6c9001f05dabc23897e95ab73cf8e80b296c65d848d3d31fa9b2b592ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 3
Snyk
added 2025/09/16 5:19 a.m. | 1 view

Malicious Package

Overview sensay-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
OSV
added 2025/09/16 5:19 a.m. | 1 view

MAL-2025-47348 Malicious code in sensay-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cb7ee6c9001f05dabc23897e95ab73cf8e80b296c65d848d3d31fa9b2b592ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 3
CNNVD
added 2025/09/16 12:0 a.m. | 4 views

Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

CVSS 6.5 | AI score 7 | EPSS 0.00296
Exploits: 0 | References: 2
Snyk
added 2025/09/15 7:39 a.m. | 2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 2
Snyk
added 2025/09/15 7:39 a.m. | 3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 2
Fedora
added 2025/09/10 12:53 a.m. | 5 views

[SECURITY] Fedora 42 Update: podman-5.6.1-1.fc42

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 8.1 | AI score 7.3 | EPSS 0.01008
Exploits: 0
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file...

CVSS 4.9 | AI score 5.6 | EPSS 0.00992
Exploits: 1 | References: 2
OSV
added 2025/09/09 2:15 p.m. | 1 view

CVE-2024-45325

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVSS 6.7 | AI score 5.9 | EPSS 0.00479
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/09 1:50 p.m. | 2 views

CVE-2024-45325

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVSS 6.7 | AI score 7.1 | EPSS 0.00479
Exploits: 0 | References: 1