7910 matches found

OSV
added 2025/11/24 1:19 p.m., 3 views

MAL-2025-190700 Malicious code in react-library-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd7f28e9ee69ccd4dc343423efa26fbdc798388c2d4abdb85588cc5a532dd2c3 The package react-library-setup was found to contain malicious code. Source: ghsa-malware...

AI score: 6.8
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/24 12:0 a.m., 8 views

Gladinet Triofox Improper Access Control (CVE-2025-12480)

Gladinet Triofox prior to version 16.7.10368.56560 is vulnerable to an Improper Access Control flaw. This vulnerability in Gladinet’s Triofox versions before 16.7.10368.56560 lets unauthenticated attackers bypass authentication via a host-header spoof to...

CVSS: 9.1, AI score: 6.1, EPSS: 0.90355
Exploits: 1, References: 3

OSSF Malicious Packages
added 2025/11/23 9:5 p.m., 5 views

Malicious code in testingpkgja (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0bd692e8fc46a3f43477d1f095e7c6e2b9666d2d2c60655ac91efd2be07f5193 Package downloads and starts an external executable. The executable starts the Windows calculator application. Considering this and the package description, th...

AI score: 7.5
Exploits: 0, References: 1

OSV
added 2025/11/23 9:5 p.m., 6 views

MAL-2025-191894 Malicious code in testingpkgja (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0bd692e8fc46a3f43477d1f095e7c6e2b9666d2d2c60655ac91efd2be07f5193 Package downloads and starts an external executable. The executable starts the Windows calculator application. Considering this and the package description, th...

AI score: 7.3
Exploits: 0, References: 1

OSV
added 2025/11/23 4:26 p.m., 3 views

MAL-2025-191760 Malicious code in hooktest1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3e91d71ab21e3575f1354593a314d50bc188b0db7b3851040e522426a765417 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

AI score: 7.7
Exploits: 0, References: 1

EUVD
added 2025/11/23 3:30 p.m., 6 views

EUVD-2025-198569

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack is possible to be carried out remotely. Th...

CVSS: 9, AI score: 8.7, EPSS: 0.00677
Exploits: 1, References: 8

OSV
added 2025/11/23 2:15 p.m., 2 views

CVE-2025-13553

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVSS: 8.7, AI score: 6.2, EPSS: 0.00631
Exploits: 1, References: 5

Cvelist
added 2025/11/23 2:2 p.m., 9 views

CVE-2025-13553 D-Link DWR-M920 formPinManageSetup sub_41C7FC buffer overflow

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVSS: 9, EPSS: 0.00631
Exploits: 1, References: 5

Cvelist
added 2025/11/23 12:32 p.m., 10 views

CVE-2025-13550 D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...

CVSS: 9, EPSS: 0.00677
Exploits: 1, References: 7

CNNVD
added 2025/11/23 12:0 a.m., 6 views

D-Link DWR-M920 Security Vulnerability

The D-Link DWR-M920 is a 4G LTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that originates from malicious manipulation of the submit-url parameter of the sub_41C7FC function in the /boafrm/formPinManageSetup file. An attacker can...

CVSS: 9, AI score: 8, EPSS: 0.00631
Exploits: 1, References: 6

OSSF Malicious Packages
added 2025/11/22 3:22 p.m., 6 views

Malicious code in nspacercesolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a8c6f18d1f22d3d0f0b9902a176d91fdfe33270faea47c835a0078955b85914 During installation, the package looks for a flag file and exfiltrates it. Similar content is in the main file. There is no other purpose of the package ---...

AI score: 7.4
Exploits: 0, References: 1

OSV
added 2025/11/22 3:22 p.m., 3 views

MAL-2025-191805 Malicious code in nspacercesolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a8c6f18d1f22d3d0f0b9902a176d91fdfe33270faea47c835a0078955b85914 During installation, the package looks for a flag file and exfiltrates it. Similar content is in the main file. There is no other purpose of the package ---...

AI score: 7.3
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/11/20 2:1 p.m., 7 views

Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0, References: 1

OSV
added 2025/11/20 2:1 p.m., 3 views

MAL-2025-191813 Malicious code in peptest2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 60249233a6c88847f2043da362196e4b2652bd7dddb8dbfe92cc3e7b2b2676a9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.2
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/11/20 11:33 a.m., 5 views

Malicious code in peptest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1230d903d5782f1a6d2d779ada368260f2c32d9e4f74bfd3ddd8f4df9c570572 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0, References: 1

GithubExploit
added 2025/11/20 2:54 a.m., 179 views

minecraft-server-exploit-finder

minecraft-server-exp...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m., 14 views

TencentOS Server 4: kernel (TSSA-2025:0429)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0429 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS: 8.8, AI score: 6.8, EPSS: 0.0099
Exploits: 0, References: 30

OpenVAS
added 2025/11/20 12:0 a.m., 4 views

RaidenFTPD Server <= 2.4.4005 Buffer Overflow Vulnerability

RaidenFTPD v.2.4 build 4005 allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00433
Exploits: 2, References: 2

NVD
added 2025/11/19 7:15 p.m., 3 views

CVE-2025-63211

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint...

CVSS: 6.1, EPSS: 0.00227
Exploits: 1, References: 2

NVD
added 2025/11/19 6:15 p.m., 4 views

CVE-2025-63209

The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected...

CVSS: 7.5, EPSS: 0.00356
Exploits: 1, References: 2