1433 matches found
CVE-2025-56448
The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes, allowing repeated reuse of captured transmissions. This exposes users to significant security...
GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...
UPDF Code Issue Vulnerability
UPDF is a multi-platform PDF editor from the Chinese company UPDF. A code issue vulnerability exists in UPDF version 1.8.5.0, which stems from DLL search path hijacking and could lead to the execution of arbitrary code...
Grandstream Wave Code Issue Vulnerability
Grandstream Wave is a voice software from Grandstream Corporation, USA. A code issue vulnerability exists in Grandstream Wave version 1.27.8, which stems from DLL search order hijacking and could lead to the execution of arbitrary code...
Jinher OA Code Issue Vulnerability
Jinher OA is a collaborative management software from Jinher, a Chinese company. A code issue vulnerability exists in Jinher OA 1.2 and prior versions, which arises from the presence of XML external entity references in the XML Handler component...
SourceCodester Pet Grooming Management Software Code Issue Vulnerability
SourceCodester Pet Grooming Management Software is a SourceCodester open source pet grooming management system. A code issue vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, which originates from an arbitrary file upload vulnerability in the /admin/profile.php...
DOS & CO SS1 Code Issue Vulnerability
DOS & CO SS1 is an asset management tool from DOS & CO Japan. A code issue vulnerability exists in DOS & CO SS1 version 16.0.0.10 and earlier, which originates from allowing remote unauthenticated attackers to upload arbitrary files and execute OS commands with SYSTEM privileges...
IBM Edge Application Manager Code Issue Vulnerability
IBM Edge Application Manager is an application from International Business Machines (IBM) that provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is being created and at the edge of the enterprise where action nee...
PT-2025-34555 · Unknown · Fnkvision Y215 Cctv Camera
Name of the Vulnerable Software and Affected Versions: FNKvision Y215 CCTV Camera version 10.194.120.40 Description: A weakness has been identified in the FNKvision Y215 CCTV Camera. This vulnerability affects unknown code within the s1 rf test config file of the Telnet Service component,...
CVE-2025-57771
CVE-2025-57771 affects Roo Code prior to 3.25.5. The flaw lies in the command parsing for auto-execute commands, where process substitution and single ampersand handling can be bypassed, allowing an attacker who can submit crafted prompts to cause arbitrary commands to run alongside the intended ...
INFINITT PACS System Manager Code Issue Vulnerability
INFINITT PACS System Manager is a medical image archiving and transfer system from INFINITT Corporation. A code issue vulnerability exists in INFINITT PACS System Manager that originates from uploading an arbitrary file, which could lead to a system compromise...
UnoPim Code Issue Vulnerability
UnoPim is an open source Product Information Management (PIM) system based on the Laravel framework by UnoPim Open Source. A code issue vulnerability exists in versions of UnoPim prior to 0.2.1 that stems from insufficient validation of client-side file types, which could lead to the upload of...
IBM Edge Application Manager Code Issue Vulnerability
IBM Edge Application Manager is an application from International Business Machines (IBM) that provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is being created and at the edge of the enterprise where action nee...
1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +206 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)
@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-55284 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-12028699...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +218 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-55284 Source advisory: OSV:GHSA-X5GV-JW7F-J6XJ...
F5 BIG-IP Code Issue Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A code issue vulnerability exists in the F5 BIG-IP LTM, which stems from the fact that enabling the ADH encryption suite when configuring the...
Multiple Siemens Products Code Issue Vulnerability
Siemens SIMOTION SCOUT TIA and others are products of Siemens, Germany. Siemens SIMOTION SCOUT TIA is a high-end motion control system. Siemens SIMOTION SCOUT is a high-end motion control system. Siemens SINAMICS STARTER is a drive debugging tool software. A code issue vulnerability exists in severa...
Multiple Siemens Products Code Issue Vulnerability
Siemens Automation License Manager is a license manager for Siemens products from Siemens Germany. A code issue vulnerability exists in various Siemens products that stems from susceptibility to DLL hijacking attacks, which could lead to the execution of arbitrary code...
Intel PROSet/Wireless WiFi Software Code Issue Vulnerability
Intel PROSet/Wireless WiFi Software is a wireless network card driver from Intel Corporation USA. A code issue vulnerability exists in Intel PROSet/Wireless WiFi Software for Windows versions prior to 23.110.0.5, which stems from an improperly checked condition that could lead to a denial of...
agora Code Issue Vulnerability
agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A code issue vulnerability exists in versions prior to agora fall23-Alpha1 690ce56, which stems from a user controller allowing non-standard image formats leading to cross-site scripting attacks...