44856 matches found

OSSF Malicious Packages
added 2025/11/18 9:2 p.m., 4 views

Malicious code in security-testing-research22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64907ea19ad2bdfcd9821121cf13c4cc8445a34d72575729369913b0b7bd9084 The package security-testing-research22 was found to contain malicious code. Source: ossf-package-analysis...

7.1 AI score
Exploits: 0

GithubExploit
added 2025/11/18 7:54 p.m., 142 views

Exploit for CVE-2025-63406

CVE-2025-63406 PoC Installation bash Install depende...

8.8 CVSS, 7.4 AI score, 0.00648 EPSS
Exploits: 3

CVE
added 2025/11/18 7:23 p.m., 13 views

CVE-2025-37162

CVE-2025-37162 describes an authenticated command injection vulnerability in the command line interface of affected devices. Successful exploitation could allow execution of arbitrary OS commands by an attacker with valid credentials and network access; impact is system compromise of the underlyi...

8.8 CVSS, 7.6 AI score, 0.00806 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2025/11/18 7:6 p.m., 17 views

CVE-2025-37163

CVE-2025-37163 describes an authenticated command-injection vulnerability in the HPE Aruba Networking Airwave Platform CLI. An authenticated attacker could run arbitrary OS commands with elevated privileges on the underlying system. Affected component: AirWave CLI; impact is privilege escalation ...

7.2 CVSS, 7.7 AI score, 0.00897 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/11/18 6:32 p.m., 3 views

EUVD-2025-198030

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

6.5 CVSS, 7 AI score, 0.00328 EPSS
Exploits: 0, References: 4

NVD
added 2025/11/18 5:16 p.m., 5 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

6.5 CVSS, 0.00328 EPSS
Exploits: 0, References: 2

NVD
added 2025/11/18 4:15 p.m., 3 views

CVE-2025-63408

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

7.8 CVSS, 0.00346 EPSS
Exploits: 1, References: 2

NCSC
added 2025/11/18 7:3 a.m., 6 views

Vulnerabilities fixed in IBM AIX

IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...

10 CVSS, 7.3 AI score, 0.00618 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/18 12:0 a.m., 2 views

CVE-2025-63408

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

6.8 AI score, 0.00346 EPSS
Exploits: 1, References: 2

Cvelist
added 2025/11/18 12:0 a.m., 6 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

0.00328 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47366

Name of the Vulnerable Software and Affected Versions H3C ERG3/ERG5 series routers H3C XiaoBei series routers H3C cloud gateways H3C wireless access points versions R0162P07 H3C wireless access points version UAP700-WPT330-E2265 H3C wireless access points version UAP672-WPT330-R2262 H3C wireless...

6.5 CVSS, 7.9 AI score, 0.00328 EPSS
Exploits: 0, References: 5

Cvelist
added 2025/11/18 12:0 a.m., 6 views

CVE-2025-63408

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

0.00346 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47398

Name of the Vulnerable Software and Affected Versions Mozart FM Transmitter version WEBMOZZI-00287 Description The Mozart FM Transmitter web management interface version WEBMOZZI-00287 has an unrestricted file upload issue in the /patch.php endpoint. An attacker with administrative access can...

7.5 AI score, 0.00497 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47326

Name of the Vulnerable Software and Affected Versions Local Agent DVR versions through 6.6.1.0 Description Local Agent DVR is affected by a directory traversal issue. An unauthenticated local attacker can exploit this to access sensitive information, conduct a server-side forgery request SSRF, or...

7.8 CVSS, 6.9 AI score, 0.00346 EPSS
Exploits: 1, References: 6

CVE
added 2025/11/18 12:0 a.m., 8 views

CVE-2025-63408

CVE-2025-63408 affects Local Agent DVR up to version 6.6.1.0. The vulnerability is a directory traversal that enables an unauthenticated local attacker to: (1) access sensitive information, (2) trigger a server-side forgery request (SSRF), and (3) execute operating system commands. The available ...

7.8 CVSS, 6.8 AI score, 0.00346 EPSS
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2025/11/18 12:0 a.m., 3 views

EUVD-2025-198022

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

5.1 CVSS, 6.6 AI score, 0.00346 EPSS
Exploits: 1, References: 3

CVE
added 2025/11/18 12:0 a.m., 9 views

CVE-2025-63258

CVE-2025-63258 is a remote command execution (RCE) affecting H3C ERG3/ERG5 routers, XiaoBei routers, cloud gateways, and associated wireless access points. The root cause is a command injection in the sessionid parameter that can lead to arbitrary code execution. Affected products/versions includ...

6.5 CVSS, 7.2 AI score, 0.00328 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/11/18 12:0 a.m., 4 views

HPE Aruba Networking 100 Series Cellular Bridge Security Vulnerability

The HPE Aruba Networking 100 Series Cellular Bridge is a 5G/4G mobile network wireless bridge device from HPE America. A security vulnerability exists in the HPE Aruba Networking 100 Series Cellular Bridge that stems from a command injection vulnerability in the command line interface that could...

8.8 CVSS, 7.5 AI score, 0.00806 EPSS
Exploits: 0, References: 3

CVE
added 2025/11/18 12:0 a.m., 11 views

CVE-2025-63227

The CVE-2025-63227 issue affects Mozart FM Transmitter web management interface WEBMOZZI-00287. Affected component: /patch.php with unrestricted file upload; requires administrative credentials to upload arbitrary files (e.g., PHP webshells) stored under /patch/, enabling execution of arbitrary c...

7.2 CVSS, 7.3 AI score, 0.00497 EPSS
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2025/11/18 12:0 a.m., 5 views

AIX : Multiple Vulnerabilities (IJ55968)

The version of AIX installed on the remote host is prior to APAR IJ55968. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55968 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

10 CVSS, 9.1 AI score, 0.00858 EPSS
Exploits: 0, References: 6