18 matches found
MAL-2025-6136 Malicious code in wc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0074aa23419396ed1a9fe8acbdb9bac05d585129e3723d4db8a9af9f457096c6 Any computer that has this package installed or running should be considered...
MAL-2025-4605 Malicious code in @worksmobile/wmeet-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f7e59ee05e9a26cf1609d57a7f477d90091a9aad3d2eb24673ece96f0addc5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-23691
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches versions:...
MAL-2025-3829 Malicious code in fca-shaon-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3447878cef2f81b5cf93c10db61caf84d11600727979b580e0f7611302bb645a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-21027 · Undefined · Undefined
New CVE-2025-99999999 CVSS:11.0 Supercritical: if an attacker can mind-control an administrator, they can perform actions as that administrator leading to total compromise. This should be prioritized over all other risks and best practices...
MAL-2024-8811 Malicious code in xiwoeir (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb1d94db067f6098d6410e1d2a798f278db411f0c831d1a43a6fe74c8bc922df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
CVE-2023-31060
Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise...
CVE-2022-23691
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches versions:...
CVE-2018-5384
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...
SQL injection
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...
CVE-2018-5384 Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 31116 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. The attacker must still be an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34502 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.1 an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 33476 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.0 an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34299 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. The attacker must still be an...
waraxe-2004-SA004.txt
================================================================================ waraxe-2004-SA004 ================================================================================ Multiple vulnerabilities in XMB 1.8 Partagium Final SP2...
Vulnerabilities In Pablo Software Solutions FTP Service 1.2
Plaintext Password Vulnerability ------------------------------------ User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default), the entire FTP server can be compromised: ftp://somewhere/program files/pablo's ftp service/users.dat Default Anonymous Account...