Malicious code in open-source-catalog (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3bfbe0348c0d5c8d07d2f1fe1b504717cbe1e2f686ce8d05381049ec4df11e0 Any computer that has this package installed or running should be considered...

CVE-2025-20308 Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...

EUVD-2025-19716

An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...

Malicious code in sdk.babelhelpers (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ecc77e86573c3fd986a8fac35d0368893554af91bcf9f31d8e0c2fa342d3890 Any computer that has this package installed or running should be considered...

Reliability Analysis of Smart Contract Execution Architectures: a Comparative Simulation Study

The industrial market continuously needs reliable solutions to secure autonomous systems. Especially as these systems become more complex and interconnected, reliable security solutions are becoming increasingly important. One promising solution to tackle this challenge is using smart contracts...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

Malicious code in attributors (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbefeaf34d3565832f706ae95a143747b2d0ff0a593532a3b8088020fd11bc1d The OpenSSF Package Analysis project identified 'attributors' @ 99.99...

PT-2025-26857 · Microsens · Microsens Nmp Web+

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ affected versions not specified Description: The issue could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Recommendations: At the moment, there is no information about a newer version tha...

MICROSENS NMP Web+ 路径遍历漏洞

MICROSENS NMP Web+ is a network management platform from the German company MICROSENS. MICROSENS NMP Web+ suffers from a path traversal vulnerability that originates from an unauthenticated attacker being able to overwrite files and execute arbitrary code...

TeamViewer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service,...

msm_npu Race Condition / Memory Corruption

msmnpu has a race condition between npuhostunloadnetwork and npuhostexecnetworkv2 that leads to memory corruption...

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

CVE-2025-52562

Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...

CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...

Malicious code in jridgewell-resolve-uri-latest (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ebc214d374220844dddff1ed8dc339282cd98387925c0d108222a3dc578d430 Any computer that has this package installed or running should be considered...