CVE-2025-27023
Lack or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...
CVE-2025-27023
CVE-2025-27023 affects Infinera G42, specifically version R6.1.3. The issue is improper input validation in the WebGUI CLI web interface, enabling remote authenticated users to read all OS files by crafting CLI commands (and by triggering execution of a script-file present on the device). The roo...
PT-2025-27618 · Infinera · Infinera G42
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3
Description: The issue is related to insufficient input validation in the WebGUI CLI web interface of the Infinera G42 appliance. This allows remote authenticated users to read all OS files via crafted CLI commands...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53110 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
@kakashi-ventures-accelerator/catalyst-cli (=0.1.0), @mew-protocol/mew (>=0.5.0 <=0.11.0) +1 more potentially affected by CVE-2025-53109 via @modelcontextprotocol/server-filesystem (=0.6.2)
@modelcontextprotocol/server-filesystem NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on @modelcontextprotocol/server-filesystem and may be impacted: - @kakashi-ventures-accelerator/catalyst-cli =0.1.0 - @mew-protocol/mew =0.5.0,...
Insertion Of Sensitive Information Into Log File
snyk is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging of sensitive data because of debug and trace log modes capturing container registry credentials, authentication tokens, and access tokens when certain CLI commands are executed...
Sensitive Data Exposure
Infinispan CLI is vulnerable to sensitive data exposure. The vulnerability is due to processing a Base64-decoded Kubernetes secret password in plaintext and including it in a command string, which may expose the data in error messages when a command is not found, allowing attackers to exploit thi...
CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
CVE-2025-5731
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
CVE-2025-5731 Infinispan: credential leakage in infinispan cli
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
CVE-2025-5731
Summary: CVE-2025-5731 affects the Infinispan CLI, where a credential decoded from a Kubernetes secret is handled in plaintext and can appear in a command string, potentially leaking data in an error message when a command is not found. Root cause: insecure processing/embedding of the decoded sec...
CVE-2025-5731
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. Mitigation: Currently, no mitigation is available for this...
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
GHSA-6HWC-9H8R-3VMF Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
PT-2025-26934 · Snyk · Snyk Cli
Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1297.3
Description: The issue allows for the insertion of sensitive information into log files through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line...
PT-2025-27013 · Unknown · Infinispan Cli
Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified
Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...
CVE-2025-5981
OSV-SCALIBR is affected by a path traversal vulnerability in its unpack() function used for container images, exploitable when the CLI flag --remote-image is used on untrusted images. The issue allows arbitrary file write on the host as the OSV-SCALIBR user. Several sources (GitHub commit referen...