CVE-2025-24477
CVE-2025-24477 describes a heap-based buffer overflow in Fortinet FortiOS. Affects FortiOS versions 7.6.0–7.6.2, 7.4.0–7.4.7, and 7.2.4–7.2.12. Root cause: heap overflow triggered by specially crafted CLI commands in the cw_stad daemon, allowing privilege escalation. Initial reports indicate loca...
CVE-2025-24477
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI command...
CLI history displays inline passwords
A vulnerability in the ascgshell of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user can access sensitive information like passwords within the CLI history, leading to unauthorized...
CVE-2025-48924 vulnerabilities
Vulnerabilities for packages: solr, akhq, infinispan, nrjmx, wildfly, apache-activemq-artemis, jenkins-plugin-manager, thingsboard, apache-nifi, kafka, liquibase, apache-tika, keycloak-config-cli, maven-stage0, sonar-scanner-cli, management-api-for-apache-cassandra-5.0, gradle, flyway,...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: solr, akhq, infinispan, nrjmx, wildfly, apache-activemq-artemis, jenkins-plugin-manager, thingsboard, apache-nifi, kafka, liquibase, apache-tika, keycloak-config-cli, maven-stage0, sonar-scanner-cli, management-api-for-apache-cassandra-5.0, gradle, flyway,...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: spark-fips, spdx-tools-java, solr, py3-vllm-cuda-12.4, akhq, apache-nifi, nextflow, thingsboard, dependency-track, camunda-zeebe, cassandra, opensearch, keycloak-config-cli, elasticsearch-fips, infinispan, tritonserver-backend-vllm, leiningen, hadoop-client-modules,...
Fedora 43 : lw-cli (2025-40bd0d18e6)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-40bd0d18e6 advisory. Automatic update for lw-cli-0.7.0-3.fc43. Changelog Sat Jul 12 2025 Mikel Olasagasti Uranga - 0.7.0-3 - Adopt Go Vendor Tools - Closes rhbz2340803 rhbz235231...
CVE-2025-52988 Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout'
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high-privileged, local attacker to escalate their privileges to root. When a user provides specifically crafted argument...
CVE-2025-52986 Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of...
[SECURITY] Fedora 41 Update: rust-nu-cli-0.99.1-6.fc41
CLI-related functionality for Nushell...
[SECURITY] Fedora 42 Update: rust-nu-cli-0.99.1-6.fc42
CLI-related functionality for Nushell...
CVE-2025-53547 vulnerabilities
Vulnerabilities for packages: envoy-gateway, k8sgpt, harbor, teleport, cerbos, rancher-fleet, pluto, k8ssandra-client, rancher-helm, kots, helm-operator, k9s, cert-manager-cmctl, chartmuseum, helm-docs, tw, flux-source-controller, flux-helm-controller, consul-k8s, flux, eksctl, zot, kargo,...
GHSA-557J-XG8C-Q2MM vulnerabilities
Vulnerabilities for packages: envoy-gateway, k8sgpt, harbor, teleport, cerbos, rancher-fleet, pluto, k8ssandra-client, rancher-helm, kots, helm-operator, k9s, cert-manager-cmctl, chartmuseum, helm-docs, tw, flux-source-controller, flux-helm-controller, consul-k8s, flux, eksctl, zot, kargo,...
CVE-2025-53547 vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, eksctl, linkerd2, cert-manager-cmctl, chart-testing, helm-push, zot, cerbos, flux-helm-controller-fips, cerbos-fips, flux-source-controller-fips, tw, cluster-api-helm-controller, kuma, zarf, envoy-gateway, istio-fips, flux-fips,...
GHSA-557J-XG8C-Q2MM vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, eksctl, linkerd2, cert-manager-cmctl, chart-testing, helm-push, zot, cerbos, flux-helm-controller-fips, cerbos-fips, flux-source-controller-fips, tw, cluster-api-helm-controller, kuma, zarf, envoy-gateway, istio-fips, flux-fips,...
Malicious code in cli-wasm (npm)
Source: ghsa-malware e681236ac61ae5750fc09fb6b554532ef05f7dba07c824477fd8940d95387957 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5677 Malicious code in cli-wasm (npm)
Source: ghsa-malware e681236ac61ae5750fc09fb6b554532ef05f7dba07c824477fd8940d95387957 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the CLI component of the Brocade Fabric OS operating system allows a hacker to trigger a service failure.
The vulnerability of the CLI component of the Brocade Fabric OS operating system is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2025-53376
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...