1773 matches found
PT-2025-47397
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the command line interface that may allow a remote attacker with authentication to inject commands. Exploitation could lead to the execution of arbitrary commands on the operating...
PT-2025-47391
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking Airwave Platform, affected versions not specified. Description: A command injection issue exists in the command line interface of the HPE Aruba Networking Airwave Platform. A successful exploit allows an authenticated attacke...
GHSA-5J98-MCP5-4VW2 glob CLI: Command injection via -c/--cmd executes matches with shell:true
Summary: The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of command-line options in src/bin.mts calls foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...
[SECURITY] Fedora 42 Update: xmedcon-0.25.3-1.fc42
This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...
EUVD-2025-179712
Malicious code in cli-webdriver-manager-lint-staged-auth npm...
EUVD-2025-124648
Malicious code in nashira-config-fork-cli npm...
EUVD-2025-115297
Malicious code in cli-start-husky-pyxis npm...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
[SECURITY] Fedora 43 Update: fluidsynth-2.4.8-2.fc43
FluidSynth is a real-time software synthesizer based on the SoundFont 2 specifications. It is a "software synthesizer". FluidSynth can read MIDI events from the MIDI input device and render them to the audio device. It features real-time effect modulation using SoundFont 2.01 modulators, and a...
PT-2025-44351
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-54545. Description: A restricted user could escape the CLI sandbox and gain access to the system shell, leading to privilege escalation. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-59462
An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability...
CVE-2025-4106
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...
PT-2025-43926
Name of the Vulnerable Software and Affected Versions: versions prior to 2025. Description: An attacker manipulating the C++ CLI client can cause the UpdateService to crash during file transfers, leading to disruptions in updates and availability. Recommendations: At the moment, there is no informati...
EUVD-2025-35898
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...
CVE-2025-4106
CVE-2025-4106 is a vulnerability in WatchGuard Fireware OS where an authenticated admin who has access to both the WebUI and the CLI can enable a diagnostic debug shell by uploading a platform/version-specific diagnostic package and executing a leftover diagnostic command. Affected versions are F...
PT-2025-43675
Name of the Vulnerable Software and Affected Versions: Fireware OS versions prior to 12.11.2. Description: An authenticated administrator user with access to both the management WebUI and command line interface on a Firebox device can enable a diagnostic debug shell. This is achieved by uploading a...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE
It is an offensive tool for Windows. This repository appears to...