Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from improper handling of Teradata driver parameters, which could lead to the execution of...

Malicious code in signup-failover (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 312b617198eea306feca99cf5c14a0edb7668482ca605c8e74c2d20f71eddd19 The package signup-failover was found to contain malicious code. Source: ghsa-malware 930d3ccde5bf7b3147cb807fddbc366f04c3185a70a8ff885f106503b657300...

EUVD-2025-198628

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

CVE-2025-12740 Remote Command Execution in Looker via IBM DB2 JDBC drive

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

CVE-2025-12740

CVE-2025-12740 affects Looker where a user with Developer role could create a DB2 database connection and, by manipulating LookML, cause Looker to execute a malicious command due to inadequate filtering of the IBM DB2 driver’s parameters. Concrete details across multiple sources confirm the vulne...

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from insufficient filtering of Denodo driver parameters, which could lead to the execution of...

TVT NVMS-9000 安全漏洞

The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...

PT-2025-47964

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

MAL-2025-191760 Malicious code in hooktest1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3e91d71ab21e3575f1354593a314d50bc188b0db7b3851040e522426a765417 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

CVE-2025-65946

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

metasploitable-Security-Assessment comprehensive penetration t...

CVE-2025-65946

Roo Code (AI-powered coding agent) had a validation error before version 3.26.7 that could cause it to automatically execute commands not on the allowed prefixes list. The issue has been patched in version 3.26.7. Affected CVE-2025-65946 entries from multiple feeds confirm the vulnerability and p...

CVE-2025-63408

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

Command Execution Vulnerability in DH2100+ NAS of Shenzhen Greenlink Technology Co.

The DH2100+ NAS is a two-drive network attached storage device designed for home and personal users. A command execution vulnerability exists in the Shenzhen Greenlink DH2100+ NAS, which can be exploited by attackers to remotely execute commands...

MAL-2025-191772 Malicious code in kdewebhelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...

CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

CVE-2025-12121

Lite XL versions 2.1.8 and earlier are affected by CVE-2025-12121 due to an unsanitized system.exec usage in core.lua (project directory launching), rootview.lua (drag‑and‑drop handling), and treeview.lua (open in system). This allows arbitrary command execution with the Lite XL process privilege...

CVE-2025-12121 CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...