11228 matches found
CVE-2025-65883
A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...
BIT-ACTIVEMQ-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
NoSQL-Injection-2025
NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &...
CLSA-2025-1764580671 pki-servlet-engine: Fix of 2 CVEs
CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case insensitive file systems - CVE-2024-38286: fix issue of resource allocation without limits or throttling vulnerability in TLS handshake process - Apply skip-common-daemon patch to remove the commons-daemon.jar copy...
Metasploit Wrap-Up 11/28/2025
This week, we have added 10 new modules to Metasploit Framework including an SMB to MSSQL relay module, a remote code execution module targeting Fortinet software, additional 32-bit and 64-bit RISC-V payloads, and more. The SMB to MSSQL NTLM relay module allows users to open MSSQL sessions and ru...
PT-2025-47450
Name of the Vulnerable Software and Affected Versions: Apache Causeway (affected versions not specified). Description: Apache Causeway is susceptible to Java deserialization issues that can lead to remote code execution (RCE). Exploitation occurs through user-controllable URL parameters. Authenticated...
EUVD-2025-56099
Malicious code in @rce-web/webpack-resource-plugin npm...
Malicious code in @rce-web/ui-upgrade-dialog (npm)
Source: amazon-inspector 57e62e8b0f953b91fb74e52a2d70374df46b221c1d7cc57bcc80e0671cf32796. The package @rce-web/ui-upgrade-dialog was found to contain malicious code. Source: ossf-package-analysis...
CVE-2020-36870
CVE-2020-36870 affects Ruijie Gateway EG and Ruijie NBR series (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1 are vulnerable). Root cause is a code execution vulnerability in the EWEB management system that can be abused via front-end functionality; when features such as guest authentication...
Malicious code in rce-poc-test-honor-mcp (npm)
Source: amazon-inspector 216f60aec8616ca96e607a879e30241ea807ed24fcb4b775afc5b8ef4d3f4a09. The package rce-poc-test-honor-mcp was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-38223
Malicious code in rce-poc-test-honor-mcp npm...
Malicious Package
Overview: rce-poc-test-honor-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2025-38226
Malicious code in rce-poc-test-honor-dev npm...
MAL-2025-49383 Malicious code in rce-poc-test-honor-mcp (npm)
Source: amazon-inspector 216f60aec8616ca96e607a879e30241ea807ed24fcb4b775afc5b8ef4d3f4a09. The package rce-poc-test-honor-mcp was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: rce-poc-test-honor-mcp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in rce-poc-test-honor-dev (npm)
Source: amazon-inspector b66eed52fc0c24b51f24da6c244c23fc29ce6228dd4a97a0606f71bb254f02b7. The package rce-poc-test-honor-dev was found to contain malicious code. Source: ghsa-malware...
CVE-2025-46581
ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...
CVE-2025-46581
CVE-2025-46581 affects ZTE ZXCDN, with an Apache Struts remote code execution vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges. Several connected sources corroborate a Struts-based RCE affecting ZXCDN, but none provide concrete product version(s) o...
PT-2025-41532
Name of the Vulnerable Software and Affected Versions: NVIDIA Display Driver (affected versions not specified). Description: The NVIDIA Display Driver contains a flaw where an uncontrolled DLL loading path can be exploited. This could lead to arbitrary denial of service, escalation of privileges, code...
EUVD-2018-1886
Malware in sbrugna...