7993 matches found
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
@astar-network/swanky-cli (>=2.2.0-alpha.0 <=2.2.3), @neon.id/uji-grader (>=1.0.0 <=1.2.0) +1 more potentially affected by CVE-2025-54803 via js-toml (>=0.1.1 <=1.0.0)
js-toml NPM version =0.1.1, =2.2.0-alpha.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2025-54803 Source advisory: OSV:GHSA-65FC-CR5F-V7R2...
CVE-2025-30098
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...
netlify (=22.3.0), netlify-cli (>=22.2.2-pre.dd189fc <=22.3.0-pre.81558e5) potentially affected by CVE-2025-54387 via ipx (=3.0.3)
ipx NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on ipx and may be impacted: - netlify =22.3.0 - netlify-cli =22.2.2-pre.dd189fc, =22.3.0-pre.81558e5 Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JCR...
PT-2025-44787
Name of the Vulnerable Software and Affected Versions: React Native Community CLI versions 4.8.0 through 20.0.0-alpha.2 Description: The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint vulnerable to...
OPENSUSE-SU-2025:15406-1 kubeshark-cli-52.8.0-1.1 on GA media
These are all security issues fixed in the kubeshark-cli-52.8.0-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in schematics-cli (npm)
Malicious code in polidoro-cli (PyPI)
MAL-2025-6568 Malicious code in polidoro-cli (PyPI)
Malicious code in neptune-cli (PyPI)
MAL-2025-6557 Malicious code in neptune-cli (PyPI)
(Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the username parameter provided to the qsyslog-cli...
GHSA-X4RX-4GW3-53P4 vulnerabilities
Vulnerabilities for packages: trivy, opentelemetry-collector-contrib, falcoctl, buf, zot, zarf, dagger, syft, buildkitd, aws-otel-collector, prometheus, wolfictl, grype, goreleaser, tw, cadvisor, osv-scanner, k9s, kargo, opentelemetry-collector, melange, openfga, telegraf, docker-compose, buildah...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...
GO-2025-3789 Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode in github.com/snyk/go-application-framework
CVE-2025-54558
OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag...
PT-2025-30717 · Openai +1 · Openai Codex Cli +1
Name of the Vulnerable Software and Affected Versions: OpenAI Codex CLI versions prior to 0.9.0 Description: The OpenAI Codex CLI application automatically approves the execution of ripgrep (rg) even when specific flags (--pre, --hostname-bin, --search-zip, or -z) are used. Recommendations: Update to...
OpenAI Codex CLI Security Vulnerability
OpenAI Codex CLI is an open-source, lightweight coding agent from OpenAI that runs in the terminal. A security vulnerability exists in OpenAI Codex CLI versions prior to 0.9.0 that stems from automatic approval of ripgrep execution, which could lead to a security risk...
Juniper Junos OS Vulnerability (JSA100095)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100095 advisory. - An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved...