
44856 matches found

Vulnrichment
added 2025/11/20 3:31 p.m., 3 views

CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

CVSS 9.3 | AI score 7 | EPSS 0.00705
Exploits 0 | References 2

RedhatCVE
added 2025/11/20 12:21 a.m., 4 views

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

CVSS 7.3 | AI score 8.5 | EPSS 0.06404
Exploits 1 | References 1

Positive Technologies
added 2025/11/20 12:0 a.m., 6 views

PT-2025-47590

Name of the Vulnerable Software and Affected Versions BASIS BBj versions prior to 25.00 Description BASIS BBj versions prior to 25.00 have a Jetty-served web endpoint that does not properly validate or canonicalize input path segments. This allows unauthenticated directory traversal, potentially...

CVSS 9.3 | AI score 7.1 | EPSS 0.00705
Exploits 0 | References 6

Tenable Nessus
added 2025/11/20 12:0 a.m., 6 views

TencentOS Server 3: emacs (TSSA-2023:0098)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0098 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.8 | AI score 7.5 | EPSS 0.00469
Exploits 0 | References 2

EUVD
added 2025/11/19 8:33 p.m., 4 views

EUVD-2025-198179

Claude Code vulnerable to command execution prior to startup trust dialog...

CVSS 7.7 | AI score 6.7 | EPSS 0.00441
Exploits 0 | References 3

OSV
added 2025/11/19 8:33 p.m., 7 views

GHSA-5HHX-V7F6-X7GV Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

CVSS 7.7 | AI score 7.2 | EPSS 0.00441
Exploits 0 | References 3

OSV
added 2025/11/19 8:15 p.m., 2 views

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

CVSS 7.3 | AI score 6.5 | EPSS 0.06404
Exploits 1 | References 3

OSV
added 2025/11/19 7:8 p.m., 1 view

MAL-2025-190579 Malicious code in hellospa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0582933888e4badd81ead15c78b68f8de23a0c728b5a1584f737bedcfd569184 The package hellospa was found to contain malicious code. Source: ghsa-malware f4e9282a1da51cf6409a4e5196d718d73e8f6f8dbddd339cbdd0535658517576 Any...

AI score 7
Exploits 0 | References 1

Vulnrichment
added 2025/11/19 5:35 p.m., 3 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | AI score 7 | EPSS 0.00441
Exploits 0 | References 1

Cvelist
added 2025/11/19 5:35 p.m., 18 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | EPSS 0.00441
Exploits 0 | References 1

OSV
added 2025/11/19 5:35 p.m., 5 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | AI score 5.9 | EPSS 0.00441
Exploits 0 | References 3

RedhatCVE
added 2025/11/19 3:16 p.m., 14 views

CVE-2025-63258

A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

CVSS 6.5 | AI score 7.5 | EPSS 0.00328
Exploits 0 | References 1

EUVD
added 2025/11/19 12:30 p.m., 3 views

EUVD-2025-198153

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

CVSS 7.1 | AI score 6.7 | EPSS 0.00226
Exploits 0 | References 2

NVD
added 2025/11/19 11:15 a.m., 5 views

CVE-2025-12472

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

CVSS 7.1 | EPSS 0.00226
Exploits 0 | References 1

OSV
added 2025/11/19 1:44 a.m., 1 view

MAL-2025-190575 Malicious code in werufgugweuiguiwergqui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0713cad30ef783b4e799858b0b42ec77487f58a9ab6ac77c9941ee1f3bdf8b The package werufgugweuiguiwergqui was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits 0

VulnCheck KEV
added 2025/11/19 12:0 a.m., 3 views

VulnCheck KEV: CVE-2024-12912

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

CVSS 7.2 | AI score 5.9 | EPSS 0.01217
In wild | Exploits 1 | References 2

CNNVD
added 2025/11/19 12:0 a.m., 3 views

AudioCodes Fax Server security vulnerability

AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which stems from command injection in the license activation workflow and could lead to arbitrary command execution...

CVSS 8.8 | AI score 7.3 | EPSS 0.02561
Exploits 2 | References 5

Positive Technologies
added 2025/11/19 12:0 a.m., 5 views

PT-2025-47449

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

CVSS 7.1 | AI score 7.1 | EPSS 0.00226
Exploits 0 | References 2

CNNVD
added 2025/11/19 12:0 a.m., 3 views

Google Cloud Looker security vulnerability

Google Cloud Looker is an online tool from Google USA for transforming data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the Looker Developer role that can manipulate LookML projects to take advantage of competing...

CVSS 7.1 | AI score 7.1 | EPSS 0.00226
Exploits 0 | References 2

EUVD
added 2025/11/18 9:32 p.m., 4 views

EUVD-2025-198084

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This...

AI score 7.2 | EPSS 0.00497
Exploits 1 | References 3