8005 matches found
A vulnerability in the CLI component of Fortinet’s FortiAP-S, FortiAP-W2, and FortiAP software solutions allows attackers to execute arbitrary commands.
A vulnerability in the CLI component of Fortinet’s FortiAP-S/W2 and FortiAP products stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
GHSA-QXP5-GWG8-XV66 vulnerabilities
Vulnerabilities for packages: kaniko, crossplane-provider-sql, kaf, wal-g, prometheus-alertmanager, k8sgpt-operator, memcached-exporter, crossplane-provider-aws-memorydb, crossplane-provider-aws-cloudfront, gcsfuse, step, trillian, k6, nri-prometheus, ko, flannel, cortex, kapp, hcloud,...
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20
CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20. A patched version of the package is available...
CVE-2025-0115
CVE-2025-0115: A vulnerability in Palo Alto Networks PAN-OS allows an authenticated admin on the PAN-OS CLI to read arbitrary files. Exploitation requires network access to the management interface (web, SSH, console, or Telnet) and valid admin credentials. The issue does not affect Cloud NGFW o...
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2025-20138 Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
Malicious code in simple-progress-cli (npm)
Source: ghsa-malware (5b0b2ded38b63b01027590e0a217718f8b204d46705ecbb37c8d33733ffa1177). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2281 Malicious code in simple-progress-cli (npm)
Source: ghsa-malware (5b0b2ded38b63b01027590e0a217718f8b204d46705ecbb37c8d33733ffa1177). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24049
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally...
CVE-2024-46663
A stack-buffer overflow vulnerability (CWE-121) in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands...
CVE-2024-33501
Two improper neutralization of special elements used in an SQL command ('SQL injection') vulnerabilities (CWE-89) in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...
CVE-2024-32123
Multiple improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0...
CVE-2024-55590
Multiple improper neutralization of special elements used in an OS command ('OS command injection') vulnerabilities (CWE-78) in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allow an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...
CVE-2024-46663
CVE-2024-46663: A stack-buffer overflow (CWE-121) affects Fortinet FortiMail CLI, versions 7.6.0–7.6.1 and prior to 7.4.3. The flaw allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI input. Context in sources indicates Fortinet/FortiGuard PSIRT referen...
CVE-2024-45328
An incorrect authorization vulnerability (CWE-863) in FortiSandbox 4.4.0 through 4.4.6 may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally...
Fortinet FortiSandbox Security Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. A security vulnerability exists in Fortinet FortiSandbox versions 4.4.0 to...