7991 matches found

Chainguard
added 2025/11/02 1:49 p.m. | 10 views

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: kapp, influxd, restic-fips, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, docker-machine-driver-harvester, terraform-provider-azuread, google-osconfig-agent, kube-state-metrics, kapp-controller-fips, fq, pvc-autoresizer, metacontroller,...

7.5 CVSS | 7.2 AI score | 0.00344 EPSS
Exploits: 0

Chainguard
added 2025/11/02 1:49 p.m. | 5 views

GHSA-9GCR-GP5F-JW27 vulnerabilities

Vulnerabilities for packages: kapp, influxd, restic-fips, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, docker-machine-driver-harvester, terraform-provider-azuread, google-osconfig-agent, kube-state-metrics, kapp-controller-fips, fq, pvc-autoresizer, metacontroller,...

5.8 AI score
Exploits: 0

Chainguard
added 2025/11/02 1:49 p.m. | 6 views

GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: kapp, influxd, restic-fips, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, docker-machine-driver-harvester, terraform-provider-azuread, google-osconfig-agent, kube-state-metrics, kapp-controller-fips, fq, pvc-autoresizer, metacontroller,...

5.8 AI score
Exploits: 0

OSV
added 2025/10/29 11:16 p.m. | 4 views

AZL-69200 CVE-2025-58183 affecting package gh for versions less than 2.62.0-10

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS | 7 AI score | 0.00382 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/29 10:36 p.m. | 15 views

CVE-2025-54545

CVE-2025-54545 is a local privilege-escalation in Arista DANZ Monitoring Fabric (DMF) and related products. A restricted user could break out of the CLI sandbox to the system shell, gaining elevated privileges. Arista’s Security Advisory 0124 confirms affected products across DMF, Converged Cloud...

7.8 CVSS | 6.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/29 10:36 p.m. | 6 views

CVE-2025-54545 On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...

7.8 CVSS | 0.00104 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/29 10:36 p.m. | 4 views

CVE-2025-54545 On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...

7.8 CVSS | 6.6 AI score | 0.00104 EPSS
Exploits: 0 | References: 1

OSV
added 2025/10/29 8:15 p.m. | 2 views

CVE-2025-11202

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 8.1 AI score
Exploits: 0 | References: 2

NVD
added 2025/10/29 8:15 p.m. | 3 views

CVE-2025-11202

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 0.02633 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/29 7:36 p.m. | 16 views

CVE-2025-11202

CVE-2025-11202 relates to win-cli-mcp-server. The issue is in the resolveCommandPath function where a user-supplied string is used to invoke a system call without proper validation, enabling a remote command execution (RCE). The exploit is unauthenticated and would execute code in the service acc...

9.8 CVSS | 9.6 AI score | 0.02633 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/29 7:36 p.m. | 6 views

CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 0.02633 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/29 3:31 p.m. | 4 views

EUVD-2025-36658

Jenkins Azure CLI Plugin does not restrict the commands it executes...

8.8 CVSS | 6.6 AI score | 0.00509 EPSS
Exploits: 0 | References: 3

Snyk
added 2025/10/29 3:31 p.m. | 4 views

Command Injection

Overview: org.jenkins-ci.plugins:azure-cli is a Jenkins plugin to use Azure CLI for managing Azure resources. ❗ This is NOT an official Microsoft plugin. 🌟 The advantage of this plugin is that it lets you export the CLI result from each command to environment variables and to the next command...

8.8 CVSS | 7.9 AI score | 0.00509 EPSS
Exploits: 0 | References: 2

OSV
added 2025/10/29 3:31 p.m. | 5 views

GHSA-RH72-238F-G26Q Jenkins Azure CLI Plugin does not restrict the commands it executes

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller. As of publication of this advisory, there is no fix...

8.8 CVSS | 7.5 AI score | 0.00509 EPSS
Exploits: 0 | References: 4

OSV
added 2025/10/29 2:15 p.m. | 5 views

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

8.8 CVSS | 6.1 AI score | 0.00509 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/29 1:29 p.m. | 7 views

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

0.00509 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/29 1:29 p.m. | 13 views

CVE-2025-64140

CVE-2025-64140 concerns Jenkins Azure CLI Plugin versions 0.9 and earlier. The root cause is that the plugin does not restrict which commands it can execute on the Jenkins controller, enabling an attacker with Item/Configure permission to run arbitrary shell commands. Reported impacts include ful...

8.8 CVSS | 7.2 AI score | 0.00509 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/29 12:0 a.m. | 5 views

PT-2025-44289

Name of the Vulnerable Software and Affected Versions: Jenkins Azure CLI Plugin versions 0.9 and earlier. Description: The Jenkins Azure CLI Plugin does not restrict the commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell...

8.8 CVSS | 7.1 AI score | 0.00509 EPSS
Exploits: 0 | References: 10

OpenVAS
added 2025/10/28 12:0 a.m. | 1 views

Fedora: Security Advisory (FEDORA-2025-40bd0d18e6)

The remote host is missing an update for the...

4.4 CVSS | 6.8 AI score | 0.0035 EPSS
Exploits: 2 | References: 5

EUVD
added 2025/10/27 6:11 a.m. | 2 views

EUVD-2025-36093

Malicious code in op-cli-installer npm...

6.6 AI score
Exploits: 0 | References: 1