
44856 matches found

OSV
added 2025/12/03 1:55 p.m. (0 views)

MAL-2025-191978 Malicious code in elf-stats-cranberry-sleigh-853 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c The package elf-stats-cranberry-sleigh-853 was found to contain malicious code. Source: ossf-package-analysis...

AI score: 7
Exploits: 0

OSV
added 2025/12/03 1:31 a.m. (3 views)

MAL-2025-191968 Malicious code in karemm7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb23140c87c50a27ae4e614762b9639f64ae2148777774915b5cd2ba94f104a0 The package karemm7 was found to contain malicious code. Source: ossf-package-analysis ea900c305547fbc90afe7dd06aac5431c244109fa63d688cb76e909cd3988f...

AI score: 7
Exploits: 0

OSV
added 2025/12/03 12:55 a.m. (2 views)

MAL-2025-191969 Malicious code in kkkaremn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8be05818c3e6f94f41c611af1a16f1a88489f457de3d8b98cc9c4441eee9e557 The package kkkaremn was found to contain malicious code. Source: ossf-package-analysis...

AI score: 7
Exploits: 0

Vulnrichment
added 2025/12/03 12:0 a.m. (5 views)

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

AI score: 6.7, EPSS: 0.00141
Exploits: 1, References: 1

CNNVD
added 2025/12/03 12:0 a.m. (5 views)

AVTech DGM1104 Security Vulnerability

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which stems from a command injection in the Machine.cgi endpoint that could lead to the execution of arbitrary commands...

CVSS: 8.8, AI score: 7.5, EPSS: 0.02325
Exploits: 1, References: 4

CNNVD
added 2025/12/03 12:0 a.m. (4 views)

Plugin Alliance Installation Manager Security Vulnerability

Plugin Alliance Installation Manager is a plugin manager from US-based Plugin Alliance. A security vulnerability exists in Plugin Alliance Installation Manager version v1.4.0 that originates when the InstallationHelper service accepts an unauthenticated XPC connection, which could lead to the...

CVSS: 6.2, AI score: 6.9, EPSS: 0.00176
Exploits: 1, References: 1

Cvelist
added 2025/12/03 12:0 a.m. (15 views)

CVE-2025-57199

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

EPSS: 0.0296
Exploits: 2, References: 3

Vulnrichment
added 2025/12/03 12:0 a.m. (3 views)

CVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

AI score: 8, EPSS: 0.02325
Exploits: 1, References: 3

Vulnrichment
added 2025/12/03 12:0 a.m. (3 views)

CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

AI score: 8, EPSS: 0.02088
Exploits: 2, References: 3

Positive Technologies
added 2025/12/03 12:0 a.m. (5 views)

PT-2025-48818

Name of the Vulnerable Software and Affected Versions: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003. Description: The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...

CVSS: 8.8, AI score: 7.6, EPSS: 0.02325
Exploits: 1, References: 9

Positive Technologies
added 2025/12/03 12:0 a.m. (5 views)

PT-2025-48819

Name of the Vulnerable Software and Affected Versions: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003. Description: The software contains an authenticated command injection flaw in the NetFailDetectD binary. This allows attackers to execute arbitrary commands via a crafted input...

CVSS: 8.8, AI score: 7.6, EPSS: 0.0296
Exploits: 2, References: 9

CVE
added 2025/12/03 12:0 a.m. (10 views)

CVE-2025-55076

The CVE-2025-55076 entry describes a local privilege escalation in Plugin Alliance Installation Manager v1.4.0 for macOS, via the InstallationHelper service that accepts unauthenticated XPC connections and passes input to system(). This could allow a local user to execute arbitrary commands with ...

CVSS: 6.2, AI score: 7.4, EPSS: 0.00176
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2025/12/03 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2025-66399

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration...

CVSS: 8.8, AI score: 7.5, EPSS: 0.10757
Exploits: 1, References: 3

NVD
added 2025/12/02 6:15 p.m. (5 views)

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS: 8.8, EPSS: 0.10757
Exploits: 1, References: 1

OSV
added 2025/12/02 6:15 p.m. (3 views)

UBUNTU-CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS: 8.8, AI score: 6, EPSS: 0.10757
Exploits: 1, References: 3

CVE
added 2025/12/02 5:57 p.m. (64 views)

CVE-2025-66399

Cacti (prior to 1.2.29) is affected by an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are stored verbatim in the database and later embedded into...

CVSS: 8.8, AI score: 6.4, EPSS: 0.10757
Exploits: 1, References: 1, Affected Software: 1

IBM Security Bulletins
added 2025/12/02 2:40 p.m. (7 views)

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)

Summary: Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands (CVE-2025-36251, CVE-2025-36250), obtain Network Installation Manager (NIM) private keys (CVE-2025-36096), or traverse directories (CVE-2025-36236). These vulnerabilities are addressed through the fixes referenced ...

CVSS: 10, AI score: 9.4, EPSS: 0.00618
Exploits: 0, Affected Software: 2

OSV
added 2025/12/02 1:15 p.m. (2 views)

CVE-2025-11786

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

CVSS: 9.8, AI score: 6.1
Exploits: 0, References: 1

NVD
added 2025/12/02 1:15 p.m. (4 views)

CVE-2025-11786

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

CVSS: 9.8, EPSS: 0.00328
Exploits: 0, References: 1

CVE
added 2025/12/02 1:1 p.m. (10 views)

CVE-2025-11786

CVE-2025-11786 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The root cause is in SetUserPassword(): the input parameter newPassword is inserted into a shell command string using sprintf() without sanitisation and then executed with system(). This enables a potential attacker to inject arbitrar...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00328
Exploits: 0, References: 1, Affected Software: 1