CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-57201

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

Malicious code in elf-stats-festive-sparkler-275 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3adaeddf56adca42174e060e74d72cba7c7afff543772ffc7037f6329fe0359 The package elf-stats-festive-sparkler-275 was found to contain malicious code. Source: ghsa-malware...

PT-2025-49131

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

Easywall 参数注入漏洞

Easywall is a jpylypiw open source firewall software. A parameter injection vulnerability exists in Easywall version 0.3.1, which stems from a command injection in the /ports-save endpoint that could lead to the execution of arbitrary commands...

CVE-2025-54306

Summary: CVE-2025-54306 affects Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability arises from insufficient input validation in the network configuration flow accessed via /admin/network. User-controlled data is written to environment variables by Bash sc...

Linux Distros Unpatched Vulnerability : CVE-2025-58098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=...

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

Malicious code in hast-util-to-mdast9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fabf8dc58c17b065c6576e16228fa6dbe32f4944b01419821880c59edb28d012 The package hast-util-to-mdast9 was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192244 Malicious code in hast-util-to-mdast9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fabf8dc58c17b065c6576e16228fa6dbe32f4944b01419821880c59edb28d012 The package hast-util-to-mdast9 was found to contain malicious code. Source: ghsa-malware...

CVE-2025-34319

TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...

CVE-2025-57199

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

Malicious code in elf-stats-mulled-bauble-252 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b496322bb576fe2d9c78c8c2982cbbea3a84587c945d2f580c242e2256b0ef69 The package elf-stats-mulled-bauble-252 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-191986 Malicious code in elf-stats-mulled-bauble-252 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b496322bb576fe2d9c78c8c2982cbbea3a84587c945d2f580c242e2256b0ef69 The package elf-stats-mulled-bauble-252 was found to contain malicious code. Source: ossf-package-analysis...

BIT-ACTIVEMQ-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

Malicious code in elf-stats-ginger-hammer-326 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b381aa5a37f1282740de384eeff72f5f4d3e57918e530d486989909249b8c821 The package elf-stats-ginger-hammer-326 was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in elf-stats-sparkly-garland-970 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51b40bdf891b2ad849d25f291b27e11a9c8dcae571ad90c75ee7d7f0696e248 The package elf-stats-sparkly-garland-970 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-191983 Malicious code in elf-stats-nutmeg-chimney-245 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f39faacdb6a0a95dc4e8db69c27bc4a0e06a7b11ac0f6c48bf35d1667cfa1cf The package elf-stats-nutmeg-chimney-245 was found to contain malicious code. Source: ossf-package-analysis...