8005 matches found
CVE-2024-31474
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...
CVE-2024-31467
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port 8211. Successful exploitation of these vulnerabilities resul...
CVE-2024-57078
A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
cli-util security vulnerability
cli-util is a set of utility functions for the cli toolkit, open-sourced by cli-kit. A security vulnerability exists in cli-util version v1.1.27, which stems from a prototype pollution vulnerability in the lib.merge function...
CVE-2024-57078
CVE-2024-57078 describes a prototype pollution in cli-util v1.1.27, specifically affecting the lib.merge function. The underlying issue is prototype contamination that attackers can leverage to trigger a Denial of Service (DoS) via a crafted payload. Public documents consistently identify cli-uti...
PT-2025-5772 · Cli-Util · Cli-Util
Name of the Vulnerable Software and Affected Versions: cli-util version 1.1.27. Description: A prototype pollution in the lib.merge function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For version 1.1.27, consider disabling the lib.merge...
CVE-2024-48964
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning...
CVE-2024-48963
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning truste...
Malicious code in drift-v1-cli (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc8e83d9fff21b8fd67210fa3db37e1aec46e02dc3da9b43ebbc8ce199d20723 Any computer that has this package installed or running should be considered...
MAL-2025-1215 Malicious code in drift-v1-cli (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc8e83d9fff21b8fd67210fa3db37e1aec46e02dc3da9b43ebbc8ce199d20723 Any computer that has this package installed or running should be considered...
ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.6.1), net.sourceforge.pmd:pmd-cli (>=7.0.0 <=7.1.0) +1 more potentially affected by CVE-2025-23215 via net.sourceforge.pmd:pmd-designer (=7.0.0)
net.sourceforge.pmd:pmd-designer MAVEN version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on net.sourceforge.pmd:pmd-designer and may be impacted: - ch.acanda.maven:code-analysis-maven-plugin =1.6.0, =7.0.0, =7.0.0, =7.1.0 Source cves:...
Malicious code in cli-docs-site (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy
ScaryByte R&D PoC for CVE-2024-55591 A comprehensive all-in...
[SECURITY] Fedora 41 Update: podman-5.3.2-1.fc41
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (>=1.1.0 <=1.2.36) potentially affected by CVE-2025-24363 via org.hl7.fhir.publisher:org.hl7.fhir.publisher.core (>=1.1.0 <=1.2.9)
org.hl7.fhir.publisher:org.hl7.fhir.publisher.core MAVEN version =1.1.0, =1.1.0, =1.2.36 Source cves: CVE-2025-24363 Source advisory: OSV:GHSA-6729-95V3-PJC2...
CVE-2025-23237
CVE-2025-23237 affects I-O DATA UD-LT2 devices running firmware 1.00.008_SE and earlier. The vulnerability is an OS Command Injection caused by improper neutralization of special elements used in an OS command. When an administrator logs in to the device CLI, an arbitrary OS command could be exec...
CVE-2025-23237
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed...
CVE-2024-45338 affecting package cf-cli for versions less than 8.7.3-5
CVE-2024-45338 affecting package cf-cli for versions less than 8.7.3-5. A patched version of the package is available...