ROS-20250515-04

The vulnerability of the docker CLI plugin that extends Buildx build capabilities is related to the fact that the software stores sensitive information in log files. software stores sensitive information in log files. Exploiting the vulnerability could allow an attacker to gain access to sensitiv...

RHEL 8 / 9 : updated discovery-cli RPMs (Important) (RHSA-2025:7630)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7630 advisory. New version of Discovery CLI dsc and installer are now available for RHEL 8 and RHEL 9 for Discovery 1.14. Tenable has extracted the preceding...

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...

MAL-2025-3784 Malicious code in webpack-cli-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6923a0b0ac00b6df0f50acbb796a23891fbe7d857f5f130a62b03f3a7cea9da8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in webpack-cli-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6923a0b0ac00b6df0f50acbb796a23891fbe7d857f5f130a62b03f3a7cea9da8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in webpack-cli-4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddac203965243a9f1a0fac7e0e5e5217dec4667917b4d23c3dc0e7780d3176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3783 Malicious code in webpack-cli-4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddac203965243a9f1a0fac7e0e5e5217dec4667917b4d23c3dc0e7780d3176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-28056

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component...

CVE-2025-28056

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component...

CVE-2025-28056

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component...

CVE-2025-28056

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component...

CVE-2025-20213

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...

CVE-2025-20201

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

CVE-2025-20122

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker wi...

Malicious code in matlab-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0a277d45885a5c1a26f027495e73b5e0aa8b49c7ee3eeafd06cc14e6e8f754 Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-05-matlab-cl...

MAL-2025-191785 Malicious code in matlab-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0a277d45885a5c1a26f027495e73b5e0aa8b49c7ee3eeafd06cc14e6e8f754 Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-05-matlab-cl...

stratis-cli bug fix and enhancement update

An update is available for stratis-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

CVE-2025-20122

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker wi...

CVE-2025-20122

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker wi...

CVE-2025-20122

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker wi...