Lucene search
K

69 matches found

Debian CVE
Debian CVE
added 2025/07/22 9:34 p.m.5 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

8.1CVSS6AI score0.00562EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.8 views

CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0...

6.3CVSS6.9AI score0.00347EPSS
Exploits1
CVE
CVE
added 2025/04/15 12:0 a.m.56 views

CVE-2025-32987

CVE-2025-32987 affects Arctera eDiscovery Platform prior to version 10.3.2 when the Enterprise Vault Collection Module is used. The root cause is cleartext password exposure on the EVSearcher command line, enabling local disclosure of credentials via an attacker with limited local access. Public ...

6CVSS7.2AI score0.00152EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/02/19 1:41 p.m.4 views

curl: curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments

Summary: cleanarg helper func doesn't work, when credentials are provided without a whitespace to a short options flag, e.g. -uUSER:PASS vs -u USER:PASS or -UUSER:PASS vs -U UUSER:PASS Affected version curl -V curl 8.12.1 x8664-pc-linux-musl libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 9:2 a.m.5 views

CVE-2024-38523

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to...

7.5CVSS6.6AI score0.00515EPSS
Exploits0
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.6 views

Hush Line 安全漏洞

Hush Line is a free open source anonymous tip line service from Science & Design Open Source. A security vulnerability exists in Hush Line version 0.1.0 through versions prior to 0.3.5, which stems from a production server misconfiguration that does not provide any content security policy or...

7.1CVSS5.9AI score0.003EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/27 12:0 a.m.12 views

Fortinet Fortigate Buffer overflow in TFTP client library of CLI (FG-IR-21-173)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-173 advisory. - A buffer overflow CWE-121 in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an...

6.7CVSS7.6AI score0.00479EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/08 12:0 a.m.6 views

The vulnerability of the command-line interface (CLI) of the Cisco AsyncOS operating system for Cisco Secure Web Appliances (formerly known as “Cisco Web Security Appliances”) allows a attacker to execute arbitrary system commands.

The vulnerability of the command-line interface CLI of the Cisco AsyncOS operating system’s web management interface allows attackers to execute arbitrary system commands. This vulnerability is related to incorrect input validation. Exploiting this vulnerability enables attackers to execute...

8.8CVSS5.8AI score0.00164EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/20 6:8 p.m.1 views

SUSE-SU-2024:1700-1 Security update for libosinfo

This update for libosinfo fixes the following issues: - CVE-2019-13313: Fixed password leak via command line argument inside osinfo-install-script bsc1140749...

7.8CVSS7AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2024/03/27 5:15 p.m.4 views

CVE-2024-20306

A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...

6.7CVSS6AI score0.00188EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/03/05 12:0 a.m.6 views

The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows a attacker to execute arbitrary code.

The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute...

10CVSS8AI score0.01037EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/24 12:0 a.m.2 views

CVE-2023-43989

An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4AI score0.0036EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.3 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1 that stems from vulnerability to disclosure of sensitive information to unauthorized actors...

7.5CVSS6.3AI score0.00694EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.4 views

Juniper Networks Junos OS Buffer Error Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that originates from a buffer overflow vulnerability in a CLI...

5.5CVSS7.3AI score0.00163EPSS
Exploits0References5
CVE
CVE
added 2023/09/20 12:0 a.m.271 views

CVE-2023-43621

CVE-2023-43621 affects Croc up to version 9.6.5. Affected condition: the shared secret is exposed on the command line and can be read by local users who list processes and their arguments. Reported across multiple sources (GHSA, OSV, NVD). Impact: local disclosure of the secret; no remote/externa...

4.7CVSS4.6AI score0.0029EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/09/13 12:28 p.m.47 views

CVE-2023-25608

CVE-2023-25608 affects Fortinet FortiAP-W2, FortiAP-C, FortiAP, and FortiAP-U products due to incomplete filtering of special elements (CWE-792) in the command line interpreter. An authenticated attacker could read arbitrary files by supplying specially crafted command arguments. Affected version...

6.5CVSS6.5AI score0.00496EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2023/08/02 12:15 a.m.4 views

CVE-2023-31428

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep...

5.5CVSS7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.7 views

The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows a attacker to execute arbitrary code and bring the system into a fully compromised state.

The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute...

9CVSS8.1AI score0.01037EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.7 views

PT-2023-7454 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: The issue is related to vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These vulnerabilities allow remote authenticated use...

9CVSS8.8AI score0.01037EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/04/11 12:0 a.m.7 views

The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software allows a attacker to execute arbitrary commands.

The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...

7.8CVSS7.5AI score0.00222EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder