Lucene search
K

146 matches found

Vulnrichment
Vulnrichment
added 2025/06/12 11:30 p.m.17 views

CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...

8.4CVSS7.7AI score0.00637EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.4 views

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h15 / 10.2.x < 10.2.13-h7 / 11.1.x < 11.1.6-h14 / 11.2.x < 11.2.6 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h15, 10.2.x prior to 10.2.13-h7, 11.1.x prior to 11.1.6-h14, or 11.2.x prior to 11.2.6. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS...

8.4CVSS6.5AI score0.00637EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.9 views

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

7.5CVSS7.2AI score0.00931EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:37 a.m.7 views

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

9.9CVSS7.8AI score0.04161EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/09 6:8 p.m.7 views

CVE-2025-20213

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...

5.5CVSS7.1AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 5:18 p.m.23 views

CVE-2025-20213 Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...

5.5CVSS0.0014EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 5:18 p.m.56 views

CVE-2025-20213

CVE-2025-20213 affects Cisco Catalyst SD-WAN Manager (SD-WAN vManage) with a vulnerability in the CLI that allows an authenticated, local attacker with valid read-only CLI credentials to overwrite arbitrary files on the local filesystem, potentially gaining root privileges. Root cause is improper...

5.5CVSS5.7AI score0.0014EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2025/05/07 4:0 p.m.17 views

Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...

5.5CVSS5.7AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 8:39 p.m.28 views

CVE-2025-30654

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific...

6.8CVSS6.5AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2025/04/09 8:0 p.m.64 views

CVE-2025-30654

CVE-2025-30654 affects Junos OS and Junos OS Evolved. A local, low-privileged attacker with CLI access can exploit the UI via a specific show mgd command to view sensitive information, including password hashes. Affected versions include Junos OS pre-21.4R3-S10, 22.2 before 22.2R3-S5, 22.4 before...

6.8CVSS6.5AI score0.00154EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2025/03/28 1:8 p.m.57 views

CVE-2025-2858

CVE-2025-2858 describes a privilege-escalation in saTECH BCU firmware 2.1.3. An attacker with CLI access could use the nice command to bypass restrictions and elevate to superuser. Multiple sources (NVD, Red Hat, CVE lists, and related enrichments) confirm the vulnerable component and impact as d...

8.8CVSS7.6AI score0.00263EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/03/23 6:34 a.m.238 views

Exploit for Path Traversal in Jenkins

CVE-2024-23897 Jenkins RCE Arbitrary File Read CVE-2024-2389...

9.8CVSS7.1AI score0.99999EPSS
Exploits46
RedhatCVE
RedhatCVE
added 2025/03/19 1:16 p.m.6 views

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...

8.2CVSS6.6AI score0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/17 2:15 p.m.1 views

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...

8.2CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/17 2:15 p.m.3 views

CVE-2020-29010

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensiti...

5CVSS5.8AI score0.00529EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 6:30 p.m.74 views

CVE-2025-0115

CVE-2025-0115 : A vulnerability in Palo Alto Networks PAN-OS allows an authenticated admin on the PAN-OS CLI to read arbitrary files. Exploitation requires network access to the management interface (web, SSH, console, or Telnet) and valid admin credentials. The issue does not affect Cloud NGFW o...

6.8CVSS6.4AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 2:54 p.m.5 views

CVE-2024-55590

Multiple improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...

8.8CVSS8.9AI score0.0104EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/11 9:49 a.m.19 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...

4.3CVSS6.1AI score0.00298EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/11 12:0 a.m.5 views

PT-2025-10782 · Fortinet · Fortiisolator

Name of the Vulnerable Software and Affected Versions: Fortinet FortiIsolator versions 2.4.0 through 2.4.5 Description: The issue is related to multiple improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows an authenticated attacker...

9CVSS6.6AI score0.0104EPSS
Exploits0References10
OSV
OSV
added 2025/03/07 8:56 p.m.9 views

BIT-JENKINS-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS6.5AI score0.00684EPSS
Exploits0References2
Rows per page
Query Builder