13 matches found
CVE-2025-69262 pnpm vulnerable to Command Injection via environment variable substitution
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...
EUVD-2025-23246
Malicious code in bioql PyPI...
EUVD-2025-10009
Malicious code in bioql PyPI...
CVE-2025-54752
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed...
Amazon Linux 2023 : gnuplot-common, gnuplot-latex, gnuplot-minimal (ALAS2023-2025-960)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-960 advisory. A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. CVE-2025-3359 Tenable has extracted the preceding description block directly from the tested...
SUSE CVE-2025-3359
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment...
CVE-2025-3359
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment...
CVE-2025-3359
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment...
IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover...
CVE-2024-55577
CVE-2024-55577 describes a stack-based buffer overflow in Linux Ratfor 1.06 and earlier. When processing a specially crafted input file, an attacker can execute arbitrary code, potentially compromising user information or system usability. Several connected sources corroborate this vulnerability ...
DEBIAN-CVE-2021-4041
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
JetBrains Ktor framework Environment Issue Vulnerability
JetBrains Ktor framework is a Web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor versions prior to 1.4.1, which stems from HTTP request entrapment attacks being possible. No detailed vulnerability details are provided at this time...
WinMX Detection
The remote host is using WinMX, a p2p file sharing application, which may not be suitable for a business environment. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(11430); script_version("1.17"); script_cvs_date("Date: 2019/11/22"); script_name(english:"WinMX Detection");...