Palo Alto PAN-OS CLI Crash
This Metasploit module triggers a denial-of-service condition in the CLI of Palo Alto PAN-OS by sending an overly long input after authentication. This module requires Metasploit Framework and compatible Ruby. require 'msf/core' require 'net/ssh' class MetasploitModule 'Palo Alto PAN-OS CLI Crash...
CVE-2025-4230
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...
CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...
@dm3-org/dm3-cli (=1.3.0) potentially affected by unknown CVE via ccip-resolver (=0.2.10)
ccip-resolver NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on ccip-resolver and may be impacted: - @dm3-org/dm3-cli =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-5026...
CVE-2025-5897
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h15 / 10.2.x < 10.2.13-h7 / 11.1.x < 11.1.6-h14 / 11.2.x < 11.2.6 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h15, 10.2.x prior to 10.2.13-h7, 11.1.x prior to 11.1.6-h14, or 11.2.x prior to 11.2.6. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS...
CVE-2023-29184
An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests...
Regular Expression Denial Of Service (ReDoS)
@vue/cli-plugin-pwa is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unsafe regex handling in the HtmlPwaPlugin component of the Markdown code handler, which can be exploited remotely to degrade performance...
Fortinet FortiOS and Fortinet FortiProxy Security Vulnerability
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
Fortinet Fortigate SSH key is added even if operation is aborted (FG-IR-23-008)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-008 advisory. - An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2...
@axeridev/flux-ui (>=0.0.7 <=0.4.3), @bpui/build-cli (=0.0.1) +21 more potentially affected by CVE-2025-5897 via @vue/cli-plugin-pwa (>=3.12.1 <=5.0.8)
@vue/cli-plugin-pwa NPM version =3.12.1, =0.0.7, =0.0.6, =0.0.14, =7.0.0-beta.3, =0.12.0-alpha.0, =0.1.2, =0.1.5, =0.1.5, =0.1.2, =7.0.0-beta.3, =2.0.0, =2.3.8 and more Source cves: CVE-2025-5897 Source advisory: OSV:GHSA-79VF-HF9F-J9Q8...
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
jo-cli (=1.0.2) potentially affected by CVE-2025-5889 via brace-expansion (=3.0.0)
brace-expansion NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on brace-expansion and may be impacted: - jo-cli =1.0.2 Source cves: CVE-2025-5889 Source advisory: OSV:GHSA-V6H2-P8H4-QCJW...
CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
CVE-2025-5897
CVE-2025-5897 affects the Vue CLI (vue-cli) up to version 5.0.8, specifically the HtmlPwaPlugin.js in the Markdown Code Handler. The issue is an inefficient regular expression handling that can enable a Regular Expression Denial of Service (ReDoS) scenario and may be triggered remotely. Multiple ...
vuejs Vue CLI Security Vulnerability
vuejs Vue CLI is a webpack-based Vue.js development tool open-sourced by Vue. A security vulnerability exists in vuejs Vue CLI version 5.0.8 and earlier, which stems from an inefficient regular expression complexity in the function HtmlPwaPlugin...