69 matches found
CVE-2025-54072
yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...
CVE-2024-38522
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...
CVE-2025-32987
CVE-2025-32987 affects Arctera eDiscovery Platform prior to version 10.3.2 when the Enterprise Vault Collection Module is used. The root cause is cleartext password exposure on the EVSearcher command line, enabling local disclosure of credentials via an attacker with limited local access. Public ...
curl: curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments
Summary: cleanarg helper func doesn't work, when credentials are provided without a whitespace to a short options flag, e.g. -uUSER:PASS vs -u USER:PASS or -UUSER:PASS vs -U UUSER:PASS Affected version curl -V curl 8.12.1 x8664-pc-linux-musl libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0...
CVE-2024-38523
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...
Hush Line 安全漏洞
Hush Line is a free open source anonymous tip line service from Science & Design Open Source. A security vulnerability exists in Hush Line version 0.1.0 through versions prior to 0.3.5, which stems from a production server misconfiguration that does not provide any content security policy or...
Fortinet Fortigate Buffer overflow in TFTP client library of CLI (FG-IR-21-173)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-173 advisory. - A buffer overflow CWE-121 in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an...
The vulnerability of the command-line interface (CLI) of the Cisco AsyncOS operating system for Cisco Secure Web Appliances (formerly known as “Cisco Web Security Appliances”) allows a attacker to execute arbitrary system commands.
The vulnerability of the command-line interface CLI of the Cisco AsyncOS operating system’s web management interface allows attackers to execute arbitrary system commands. This vulnerability is related to incorrect input validation. Exploiting this vulnerability enables attackers to execute...
SUSE-SU-2024:1700-1 Security update for libosinfo
This update for libosinfo fixes the following issues: - CVE-2019-13313: Fixed password leak via command line argument inside osinfo-install-script bsc1140749...
CVE-2024-20306
A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows a attacker to execute arbitrary code.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2023-43989
An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1 that stems from vulnerability to disclosure of sensitive information to unauthorized actors...
Juniper Networks Junos OS Buffer Error Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that originates from a buffer overflow vulnerability in a CLI...
CVE-2023-43621
CVE-2023-43621 affects Croc up to version 9.6.5. Affected condition: the shared secret is exposed on the command line and can be read by local users who list processes and their arguments. Reported across multiple sources (GHSA, OSV, NVD). Impact: local disclosure of the secret; no remote/externa...
CVE-2023-25608
CVE-2023-25608 affects Fortinet FortiAP-W2, FortiAP-C, FortiAP, and FortiAP-U products due to incomplete filtering of special elements (CWE-792) in the command line interpreter. An authenticated attacker could read arbitrary files by supplying specially crafted command arguments. Affected version...
CVE-2023-31428
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows a attacker to execute arbitrary code and bring the system into a fully compromised state.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute...
PT-2023-7454 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: The issue is related to vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These vulnerabilities allow remote authenticated use...
The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software allows a attacker to execute arbitrary commands.
The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...