15092 matches found
MAL-2025-49246 Malicious code in json-schema-to-typescript-example (npm)
Source: amazon-inspector 148a68690ce752d3b4d67269d4cdd05066913f5abbc344c7f7bf9ac550af794b The package json-schema-to-typescript-example was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-62777
Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...
FFmpeg Security Vulnerability
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg, which originates from the dnnexecutemodeltf function in the libavfilter/dnnbackendtf.c source file that releases a task object multiple times in...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab EE versions 17.6.0 to before 18.3.5,...
CVE-2025-11866
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...
NVIDIA ConnectX and NVIDIA BlueField Buffer Error Vulnerability
NVIDIA ConnectX and NVIDIA BlueField are both products of NVIDIA Corporation. NVIDIA ConnectX is a family of intelligent network interface cards. NVIDIA BlueField is a family of data processing units. A buffer error vulnerability exists in NVIDIA ConnectX and NVIDIA BlueField, which stems from a fl...
CVE-2025-31342
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through version 1.3 allows remote authenticated users to execute arbitrary system commands via a malicious file...
Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...
Excellent Infotek Document Management System Code Issue Vulnerability
Excellent Infotek Document Management System is a document management system from Excellent Infotek Taiwan, China. A code issue vulnerability exists in the Excellent Infotek Document Management System that stems from an arbitrary file upload vulnerability that could allow an unauthenticated, remo...
Malicious code in src_pages_list_index_tsx (npm)
Source: ghsa-malware 191404621c42806b5e14f38b5dd6674109c26eb03902fa54c23312ee369c6d72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-34858
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2025-57567
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...
Malicious code in internal-plugin-lifecycle-card (npm)
Source: ossf-package-analysis 332aa89488a5ecb7012588f98648ef97de374565f906dfc69ff80d4d344e9a03 The OpenSSF Package Analysis project identified 'internal-plugin-lifecycle-card' @ 99.9.10 npm as malicious. It is considered malicious because:...
EUVD-2025-34614
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...
RSUPPORT RemoteCall Remote Support Program Code Issue Vulnerability
RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...
CVE-2025-61799
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
EUVD-2025-34383
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
EUVD-2025-34381
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2025-34284
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
EUVD-2025-34320
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...