CVE-2025-1753 Command Injection in LLama-Index CLI in run-llama/llama_index
LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the --files argument, which is directly passed into os.system. An attacker who controls the content of this argument can inject and execute arbitrary shell...
Command Injection
Overview: llama-index-cli is a llama-index cli. Affected versions of this package are vulnerable to Command Injection through the CLI interface due to pasting the --files argument directly into os.system. An attacker who controls the content of this argument can execute arbitrary commands on the...
CVE-2025-1753
CVE-2025-1753 affects the LLama-Index CLI version v0.12.20. The vulnerability stems from the improper handling of the --files argument, which is directly passed into os.system, enabling an attacker who controls the content of this argument to inject and execute arbitrary shell commands. Impact ca...
PT-2025-23074 · Unknown · Llama-Index Cli
Name of the Vulnerable Software and Affected Versions: LLama-Index CLI version v0.12.20. Description: The LLama-Index CLI contains an OS command injection issue due to the improper handling of the --files argument, which is directly passed into os.system. This allows an attacker who controls the...
SUSE CVE-2025-48056
Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output...
Malicious code in mexc-cli (npm)
Source: ghsa-malware 7500b4df256dbb552286c7f37d34b2748ff1b5ef9f95263acf51f4806a5b2bda. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4440 Malicious code in mexc-cli (npm)
Source: ghsa-malware 7500b4df256dbb552286c7f37d34b2748ff1b5ef9f95263acf51f4806a5b2bda. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory (FEDORA-2024-ee636be6ff)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-13270a731d)
The remote host is missing an update for the...
OPENSUSE-SU-2025:15158-1 gh-2.73.0-1.1 on GA media
These are all security issues fixed in the gh-2.73.0-1.1 package on the GA media of openSUSE Tumbleweed...
Palo Alto 11.1.4-h7 Memory Corruption
Palo Alto version 11.1.4-h7 post authentication memory corruption proof of concept exploit. !/usr/bin/env python3 post auth cli memory corruption poc for paloalto 11.1.4-h7 19.01.2025 @ 00:23 postauth user in general 'admin' but we'll get back to that later ; can use cli to provide one of the...
GO-2025-3700 Character injection in Hubble CLI in github.com/cilium/hubble
Character injection in Hubble CLI in github.com/cilium/hubble...
CVE-2024-20343
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the...
CVE-2024-20289
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An...
CVE-2024-25249
An issue in He3 App for macOS version 2.0.17 allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings...
CVE-2024-38987
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-45401
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-41124
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...
CVE-2024-31483
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system...