CVE-2025-20201
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...
CVE-2025-20122
CVE-2025-20122 affects Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage). The vulnerability stems from insufficient input validation in the CLI, enabling an authenticated, local attacker with read-only privileges to craft a request that could grant root privileges on the underlying OS...
CVE-2025-20213 Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...
CVE-2025-20213
CVE-2025-20213 affects Cisco Catalyst SD-WAN Manager (SD-WAN vManage) with a vulnerability in the CLI that allows an authenticated, local attacker with valid read-only CLI credentials to overwrite arbitrary files on the local filesystem, potentially gaining root privileges. Root cause is improper...
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...
Malicious code in krnl-cli (npm)
Source: ghsa-malware (a05d69f19cbdf8abd52c5c9a0197fbdc148fc4adc3a835890c3a148b1be4bf03). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
Azure Linux 3.0 Security Update: cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin (CVE-2025-22872)
The version of cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22872 advisory. - The...
CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3
CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3. A patched version of the package is available...
Security Bulletin: Additional security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2025.
Summary In addition to vulnerabilities announced in Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation...
amber-cli-1.13.1+git20250329.c2e3bb8-1.1 on GA media (moderate)
amber-cli-1.13.1+git20250329.c2e3bb8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15037-1 Rating: moderate Cross-References: CVE-2025-30204 CVSS scores: CVE-2025-30204 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-30204 SUSE : 8.7...
OPENSUSE-SU-2025:15037-1 amber-cli-1.13.1+git20250329.c2e3bb8-1.1 on GA media
These are all security issues fixed in the amber-cli-1.13.1+git20250329.c2e3bb8-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in pretty-cli-logger (PyPI)
Source: kam193 (94cd11911ce2a0937d9e56087ce9487db18da5bb20df7f1f8948f8356d65c31d). Contains obfuscated code that will download and run a remote script. At the time of the analysis, the remote URLs were delivering empty results --- Category...
MAL-2025-191816 Malicious code in pretty-cli-logger (PyPI)
Source: kam193 (94cd11911ce2a0937d9e56087ce9487db18da5bb20df7f1f8948f8356d65c31d). Contains obfuscated code that will download and run a remote script. At the time of the analysis, the remote URLs were delivering empty results --- Category...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +65 more potentially affected by unknown CVE via @escape.tech/graphql-armor-cost-limit (>=1.7.0 <=2.4.1)
@escape.tech/graphql-armor-cost-limit NPM version =1.7.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =1.0.6, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-733V-P3H5-QPQ7...
OSV-2025-289 Stack-buffer-overflow in ot::Cli::Utils::OutputLine
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=411460530 Crash type: Stack-buffer-overflow READ Crash state: ot::Cli::Utils::OutputLine ot::Cli::Dns::HandleDnsRecordResponse ot::Dns::Client::FinalizeQuery...
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18
CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18. A patched version of the package is available...
argocd-cli-2.14.10-1.1 on GA media (moderate)
argocd-cli-2.14.10-1.1 on GA media Announcement ID: openSUSE-SU-2025:15006-1 Rating: moderate Cross-References: CVE-2025-29786 CVSS scores: CVE-2025-29786 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-29786 SUSE : 8.2...
OPENSUSE-SU-2025:15006-1 argocd-cli-2.14.10-1.1 on GA media
These are all security issues fixed in the argocd-cli-2.14.10-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-60545 CVE-2025-22872 affecting package cf-cli for versions less than 8.7.11-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...