44 matches found
CVE-2026-31230
The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness_evaluation_fgsm_pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip_values and --input_shape command-line...
EUVD-2026-11077
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2024-39314
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
EUVD-2017-0336
Malware in sbrugna...
EUVD-2016-2438
Malware in sbrugna...
EUVD-2016-7353
Malware in sbrugna...
EUVD-2011-2476
Malware in sbrugna...
EUVD-2013-6791
Malware in sbrugna...
EUVD-2025-31026
Malicious code in bioql PyPI...
EUVD-2023-35736
Malicious code in bioql PyPI...
EUVD-2022-2415
Malicious code in bioql PyPI...
Hewlett Packard Enterprise EdgeConnect SD-WAN security vulnerability
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
CVE-2025-54538
CVE-2025-54538 affects JetBrains TeamCity prior to 2025.07. The issue enables password exposure via the command line in the hg pull operation, exposing sensitive credentials under local access. The vulnerability is tied to password handling during the pull process and is documented across multipl...
CVE-2025-54538
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command...
CVE-2025-54072
yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...
CVE-2025-32987
CVE-2025-32987 affects Arctera eDiscovery Platform prior to version 10.3.2 when the Enterprise Vault Collection Module is used. The root cause is cleartext password exposure on the EVSearcher command line, enabling local disclosure of credentials to an attacker with limited local access. Public ...
curl: curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments
Summary: cleanarg helper func doesn't work when credentials are provided without a whitespace to a short options flag, e.g. -uUSER:PASS vs -u USER:PASS or -UUSER:PASS vs -U USER:PASS. Affected version: curl -V: curl 8.12.1 (x86_64-pc-linux-musl) libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0...
Fortinet Fortigate Buffer overflow in TFTP client library of CLI (FG-IR-21-173)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-173 advisory. - A buffer overflow (CWE-121) in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an...
SUSE-SU-2024:1700-1 Security update for libosinfo
This update for libosinfo fixes the following issues: - CVE-2019-13313: Fixed password leak via command line argument inside osinfo-install-script (bsc#1140749)...
CVE-2024-20306
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...