TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Access Control (CVE-2025-48734)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper access control vulnerability Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2...

TencentOS Server 4: apache-commons-beanutils (TSSA-2025:0562)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0562 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

MGASA-2025-0299 Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

CVE-2025-40117

In the Linux kernel, the following vulnerability has been resolved: misc: pciendpointtest: Fix array underflow in pciendpointtestioctl Commit eefb83790a0d "misc: pciendpointtest: Add doorbell test case" added NOBAR -1 to the pcibarno enum which, in practical terms, changes the enum from an unsign...

EUVD-2025-179348

Malicious code in delta-string-enum-thread-uglify npm...

EUVD-2025-180176

Malicious code in awk-mock-rain-enum-pi npm...

EUVD-2025-177048

Malicious code in private-enum-compress-upsilon-omega npm...

EUVD-2025-178791

Malicious code in gamma-good-socket-enum-route npm...

EUVD-2025-179321

Malicious code in deploy-thread-scale-omega-enum npm...

EUVD-2025-179113

Malicious code in enum-report-char-rho-alpha npm...

EUVD-2025-179116

Malicious code in enum-new-encode-tree-cluster npm...

EUVD-2025-179115

Malicious code in enum-parse-protected-kernel-refactor npm...

EUVD-2025-179117

Malicious code in enum-interface-grep-reject-debug npm...

EUVD-2025-179118

Malicious code in enum-compress-proxy-thread-user npm...

EUVD-2025-179383

Malicious code in decode-authenticate-final-delta-enum npm...

MAL-2025-185779 Malicious code in beta-enum-notify-view-stack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61bccf3f703fef5887b6554bcd18352453f796633476d23cc246ea564274a9c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-180103

Malicious code in beta-enum-notify-view-stack npm...

EUVD-2025-179619

Malicious code in compress-tau-enum-book-serialize npm...