7993 matches found
CVE-2025-47857
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability (CWE-78) in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands...
CVE-2025-32766
A stack-based buffer overflow vulnerability (CWE-121) in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands...
SUSE-SU-2025:02769-1 Security update for amber-cli
This update for amber-cli fixes the following issues: - Update to version 1.13.1+git20250329.c2e3bb8: CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing (bsc#1240511); jwt version upgrade (#174); Update policy size limit to 20k (#173); Update tenant user model with latest changes...
windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2025-55152 via @oakserver/oak (>=12.6.2 <=14.1.0)
@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2025-55152 Source advisory: OSV:GHSA-R3V7-PC4G-7XP9...
PT-2025-32881 · Fortinet · Fortiweb Cli
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3; Fortinet FortiWeb CLI versions prior to 7.4.8. Description: A flaw exists in the improper neutralization of special elements used in an operating system command, specifically an OS command...
Fortinet FortiWeb CLI security vulnerability
Fortinet FortiWeb CLI is a command line interface from Fortinet, Inc. A security vulnerability exists in Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 and prior to 7.4.8, which originates from a stack buffer overflow and could lead to the execution of arbitrary code...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, crossplane-provider-azure-managedidentity, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, opa, postgres-operator-fips, docker-machine-driver-harvester, loki-3.6,...
windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2025-55152 via @oakserver/oak (>=12.6.2 <=14.1.0)
@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2025-55152 Source advisory: SNYK:JS-OAKSERVEROAK-11735294...
CVE-2025-7962 vulnerabilities
Vulnerabilities for packages: thingsboard, wildfly, dependency-track, jenkins, keycloak, apicurio-registry, apache-nifi, keycloak-config-cli...
GHSA-9342-92GG-6V29 vulnerabilities
Vulnerabilities for packages: keycloak-config-cli, elasticsearch, jenkins, keycloak, wildfly, apache-nifi, thingsboard, dependency-track, apicurio-registry, keycloak-fips, geoserver, elasticsearch-fips...
CVE-2025-7962 vulnerabilities
Vulnerabilities for packages: keycloak-config-cli, elasticsearch, jenkins, keycloak, wildfly, apache-nifi, thingsboard, dependency-track, apicurio-registry, keycloak-fips, geoserver, elasticsearch-fips...
CVE-2025-48394
CVE-2025-48394 affects Eaton CLI (and related Eaton devices noted in connected sources). A privileged, authenticated attacker could modify the contents of a non-sensitive file by traversing the path in the CLI’s limited shell. The issue is mitigated by a fix in the latest Eaton-supplied version a...
CVE-2025-48394
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center...
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
...
The vulnerability of the DDSH CLI interface for Dell EMC Data Domain Operating Systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the DDSH CLI interface for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow attackers to execute arbitrary commands...
CVE-2025-54876
The Janssen Project IAM stores passwords in plaintext in the local cli_cmd.log file for versions 1.9.0 and below, creating a confidentiality risk. Root cause: passwords written to a local log. Severity is MEDIUM (CVSS 4.0 base 6.9) per the advisory. Remediation: upgrade to a version later than 1....
CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease...
netlify (=22.3.0), netlify-cli (>=22.2.2-pre.dd189fc <=22.3.0-pre.81558e5) potentially affected by CVE-2025-54387 via ipx (=3.0.3)
ipx NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on ipx and may be impacted: - netlify =22.3.0 - netlify-cli >=22.2.2-pre.dd189fc, <=22.3.0-pre.81558e5 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
kubeshark-cli-52.8.0-1.1 on GA media (moderate)
kubeshark-cli-52.8.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15406-1 Rating: moderate Cross-References: CVE-2025-53547 CVSS scores: CVE-2025-53547 SUSE : 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H CVE-2025-53547 SUSE : 8.4...