MAL-2025-32141 Malicious code in resource-deployment (npm)

The package resource-deployment was found to contain malicious code...

io.quarkus:quarkus-security-webauthn-deployment (>=3.0.0.Alpha1 <=3.18.0), io.quarkus:quarkus-test-security-webauthn (>=3.0.0.Alpha1 <=3.18.0) potentially affected by CVE-2024-12225 via io.quarkus:quarkus-security-webauthn (>=3.0.0.Alpha1 <=3.18.0)

io.quarkus:quarkus-security-webauthn MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.0.0.Alpha1, =3.18.0 Source cves: CVE-2024-12225 Source advisory: SNYK:JAVA-IOQUARKUS-9376953...

io.quarkus:quarkus-csrf-reactive-deployment (>=2.13.0.CR1 <=2.16.10.Final) potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=2.13.0.CR1 <=2.16.10.Final)

io.quarkus:quarkus-csrf-reactive MAVEN version =2.13.0.CR1, =2.13.0.CR1, =2.16.10.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

CVE-2023-35830

STW aka Sensor-Technik Wiedemann TCG-4 Connectivity Module DeploymentPackagev3.03r0-Impala and DeploymentPackagev3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackagev3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for...

Fortinet FortiClientEms 路径遍历漏洞

Fortinet FortiClientEms is a centralized, centralized management system from Fortinet, USA. A path traversal vulnerability exists in Fortinet FortiClientEMS versions 6.4.1 and below; 6.2.8 and below, which can be exploited by an attacker to add/remove files to/from a server by injecting a sequenc...