98 matches found
Malicious code in scan-only (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...
EUVD-2026-36673
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
CVE-2026-12197
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
CVE-2026-12197
The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...
PT-2026-49148
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
Exploit for CVE-2026-31431
SSIA - System Structural Integrity Audit A tool kit for disco...
CVE-2025-61713
A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
CVE-2025-61713
A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
CVE-2025-61713
A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
EUVD-2025-198013
A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
CVE-2025-61713
A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...
CVE-2025-61713
FortiPAM vulnerability CVE-2025-61713 affects Fortinet FortiPAM 1.0 through 1.6.0. A cleartext storage of sensitive information in memory (CWE-316) enables an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators’ credentials via diagnose commands. Impa...
PT-2025-47365
Name of the Vulnerable Software and Affected Versions FortiPAM versions 1.0 through 1.6.0 Description A cleartext storage of sensitive information in memory issue exists in FortiPAM. An authenticated attacker with read-write administrative privileges to the command-line interface CLI may be able ...
CVE-2025-31514
A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all...
EUVD-2025-34228
An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing log...
CVE-2025-31514
A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all...
CVE-2025-31514
An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing log...
CVE-2025-31514
An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing log...