
7991 matches found

OSV
added 2025/12/23 8:40 a.m., 2 views

MAL-2025-192896 Malicious code in chalk-cli (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 6.8
Exploits 0

CVE
added 2025/12/22 12:0 a.m., 9 views

CVE-2025-26787

CVE-2025-26787 affects Keyfactor SignServer prior to 7.2. The issue arises from a logic error in the SignServer container startup routine: the Admin CLI command intended to configure certificate access at the initial startup is executed on every container restart, resetting the access policy to "...

CVSS 4.7, AI score 6.5, EPSS 0.0013
Exploits 0, References 2, Affected Software 1

CBLMariner
added 2025/12/19 2:46 p.m., 2 views

CVE-2025-65637 affecting package cf-cli for versions less than 8.4.0-26

CVE-2025-65637 affecting package cf-cli for versions less than 8.4.0-26. A patched version of the package is available...

CVSS 7.5, AI score 6.9, EPSS 0.00563
Exploits 1

EUVD
added 2025/12/19 8:38 a.m., 2 views

EUVD-2025-204502

Malicious code in adk-cli npm...

AI score 6.6
Exploits 0, References 1

Snyk
added 2025/12/19 8:38 a.m., 4 views

Malicious Package

Overview adk-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 6.8
Exploits 0, References 2

OSSF Malicious Packages
added 2025/12/19 8:38 a.m., 6 views

Malicious code in adk-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eaa79ad3f20525e947d85a4aef9c78e0c79c2377ac01d03bbb8153dc256efe7c The package adk-cli was found to contain malicious code. Source: ghsa-malware 201d1358b161ed151cde448595832eccef539099208ee82dec74ea4fa1ddb8a8 Any...

AI score 6.9
Exploits 0, References 1

OSV
added 2025/12/19 8:38 a.m., 1 view

MAL-2025-192618 Malicious code in adk-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eaa79ad3f20525e947d85a4aef9c78e0c79c2377ac01d03bbb8153dc256efe7c The package adk-cli was found to contain malicious code. Source: ghsa-malware 201d1358b161ed151cde448595832eccef539099208ee82dec74ea4fa1ddb8a8 Any...

AI score 6.8
Exploits 0, References 1

CBLMariner
added 2025/12/18 11:40 p.m., 2 views

CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20

CVE-2025-65637 affecting package dcos-cli for versions less than 1.2.0-20. A patched version of the package is available...

CVSS 7.5, AI score 6.9, EPSS 0.00563
Exploits 1

vulnersOsv
added 2025/12/18 6:45 p.m., 3 views

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2025-68278 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2025-68278 Source advisory: OSV:GHSA-529F-9QWM-9628...

CVSS 8.8, AI score 5.8, EPSS 0.00393
Exploits 1

EUVD
added 2025/12/18 6:45 p.m., 4 views

EUVD-2025-204304

tinacms is vulnerable to arbitrary code execution...

CVSS 8.6, AI score 7.4, EPSS 0.00393
Exploits 1, References 3

vulnersOsv
added 2025/12/18 6:45 p.m., 2 views

@backpackjs/cli (>=1.0.0 <=2.0.0-bundle-perf-test.2), @backpackjs/cms (>=0.0.2 <=4.21.0) +51 more potentially affected by CVE-2025-68278 via tinacms (>=0.0.0-a11f739-20260513041310 <=3.1.0)

tinacms NPM version =0.0.0-a11f739-20260513041310, =1.0.0, =0.0.2, =2.2.0-isolate-nextjs.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.10.0, =0.0.1-beta.1, =0.0.0-20220816134642, =0.0.0-20220903131031, =0.0.4, =0.1.0, =0.0.85, =0.0.89, =0.0.93 and more Source cves: CVE-2025-68278 Source advisory:...

CVSS 8.8, AI score 5.4, EPSS 0.00393
Exploits 1

NVD
added 2025/12/18 6:15 a.m., 3 views

CVE-2025-68459

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVSS 8.6, EPSS 0.01261
Exploits 0, References 2

EUVD
added 2025/12/18 5:51 a.m., 3 views

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVSS 8.6, AI score 7.1, EPSS 0.01261
Exploits 0, References 5

Cvelist
added 2025/12/18 5:51 a.m., 23 views

CVE-2025-68459

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVSS 8.6, EPSS 0.01261
Exploits 0, References 2

GithubExploit
added 2025/12/18 2:57 a.m., 156 views

Exploit for CVE-2025-61260

OpenAI Codex CLI Vuln...

AI score 7, EPSS 0.0632
Exploits 1

vulnersOsv
added 2025/12/16 6:44 p.m., 4 views

@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +38 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)

@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.2.3, =0.2.4, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.5.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-fff5d2d and more Source cves: CVE-2025-68155 Source advisory:...

CVSS 7.5, AI score 7.7, EPSS 0.00552
Exploits 0

GithubExploit
added 2025/12/16 4:13 p.m., 234 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...

CVSS 10, AI score 8.3, EPSS 0.99562
Exploits 381

Veracode
added 2025/12/13 5:2 a.m., 4 views

Improper Restriction Of Command Execution

org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...

CVSS 8.8, AI score 6.1, EPSS 0.00509
Exploits 0, References 3, Affected Software 1

Veracode
added 2025/12/13 4:39 a.m., 9 views

Denial Of Service (DoS)

org.jenkins-ci.main, jenkins-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling and closure of corrupted HTTP-based CLI connection streams, which allows an unauthenticated attacker to trigger a denial of service by sending malformed or corrupted connection...

CVSS 7.5, AI score 5.5, EPSS 0.00506
Exploits 0, References 4, Affected Software 2

vulnersOsv
added 2025/12/12 12:3 a.m., 5 views

@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-55183 +2 more via react-server-dom-webpack (=19.2.2)

react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...

CVSS 7.5, AI score 7, EPSS 0.65592
Exploits 13