
6303 matches found

Positive Technologies
added 2025/12/11 12:0 a.m., 3 views

PT-2025-50767

Name of the Vulnerable Software and Affected Versions: WBCE CMS versions prior to 1.6.3; WBCE CMS version 1.6.3. Description: WBCE CMS versions 1.6.3 and earlier have a flaw that permits administrators to execute code remotely by uploading malicious modules. An attacker can create a ZIP module...

8.6 CVSS, 7.1 AI score, 0.00951 EPSS
Exploits: 1, References: 8
Positive Technologies
added 2025/12/11 12:0 a.m., 3 views

PT-2025-50666

Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR600W, affected versions not specified. Description: An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

8.8 CVSS, 7.2 AI score, 0.00201 EPSS
Exploits: 0, References: 6
CVE
added 2025/12/11 12:0 a.m., 12 views

CVE-2025-56099

CVE-2025-56099 affects Ruijie RG-YST AP with firmware 3.0(1)B11P280YST250F. The issue is an OS Command Injection in the pwdmodify handler located at /usr/lib/lua/luci/modules/common.lua, triggered by a crafted POST request. The vulnerability allows an attacker to execute arbitrary commands with l...

8.8 CVSS, 7.5 AI score, 0.00201 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2025/12/11 12:0 a.m., 13 views

CVE-2025-56108

CVE-2025-56108 affects Ruijie X30-PRO (X30-PRO-V1_09241521). An OS command injection via a crafted POST to /usr/lib/lua/luci/modules/common.lua pwdmodify allows arbitrary command execution. Root cause: improper handling in the pwdmodify function. Impact: high (remote command execution with networ...

8.8 CVSS, 7.5 AI score, 0.00324 EPSS
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2025/12/11 12:0 a.m., 1 views

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

7.5 AI score, 0.00201 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/12/10 8:19 p.m., 2 views

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS, 6.6 AI score, 0.00033 EPSS
Exploits: 0, References: 1
Snyk
added 2025/12/10 1:58 a.m., 1 views

Malicious Package

Overview: modules-runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
EUVD
added 2025/12/10 1:58 a.m., 2 views

EUVD-2025-202361

Malicious code in modules-runtime npm...

6.6 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/12/10 1:58 a.m., 4 views

Malicious code in modules-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e707f153606cc933eafdfa4c883bf1092791f4fe0e80278d963dda8dd5291a46 The package modules-runtime was found to contain malicious code. Source: ghsa-malware e0c351f7e54009deb9f1a8fa206a6cc720b4a472a7b969018b50ae235fcac91...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2025/12/10 1:58 a.m., 2 views

MAL-2025-192413 Malicious code in modules-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e707f153606cc933eafdfa4c883bf1092791f4fe0e80278d963dda8dd5291a46 The package modules-runtime was found to contain malicious code. Source: ghsa-malware e0c351f7e54009deb9f1a8fa206a6cc720b4a472a7b969018b50ae235fcac91...

6.8 AI score
Exploits: 0, References: 1
OSV
added 2025/12/04 11:3 a.m., 8 views

USN-7909-2 linux-intel-iot-realtime, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

7.8 CVSS, 6.5 AI score, 0.00121 EPSS
Exploits: 3, References: 179
CNNVD
added 2025/12/03 12:0 a.m., 8 views

Meta React Server Components security vulnerability

React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...

10 CVSS, 8.3 AI score, 0.83197 EPSS
Exploits: 364, References: 5
OSV
added 2025/12/02 5:25 p.m., 3 views

CVE-2025-64750 Singularity ineffectively applies selinux / apparmor LSM process labels

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

4.5 CVSS, 6.6 AI score, 0.00012 EPSS
Exploits: 0, References: 8
NVD
added 2025/12/01 6:16 p.m., 2 views

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS, 0.00033 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/12/01 6:2 p.m., 5 views

CVE-2025-13653 Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS, 6.2 AI score, 0.00033 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/01 6:2 p.m., 21 views

CVE-2025-13653

In the provided connected documents, CVE-2025-13653 affects Search Guard FLX versions 3.1.0 through 4.0.0 when enterprise modules are disabled. The issue allows authenticated users to issue specially crafted requests to read documents from data streams without the required privileges, leading to ...

4.3 CVSS, 6.2 AI score, 0.00033 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/12/01 6:2 p.m., 6 views

CVE-2025-13653 Unauthorized access to documents in data streams with specially crafted requests

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

4.3 CVSS, 0.00033 EPSS
Exploits: 0, References: 2
Gitee
added 2025/11/27 11:48 a.m., 150 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...

8.6 AI score
Exploits: 0
VulnCheck KEV
added 2025/11/27 12:0 a.m., 9 views

VulnCheck KEV: CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the...

9.8 CVSS, 5.9 AI score, 0.83176 EPSS
In wild, Exploits: 3, References: 140
NVD
added 2025/11/26 7:16 a.m., 4 views

CVE-2025-13735

Out-of-bounds Read vulnerability in ASR1903, ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...

7.4 CVSS, 0.00053 EPSS
Exploits: 0, References: 1