HPE Aruba Networking 100 Series Cellular Bridge Security Vulnerability
The HPE Aruba Networking 100 Series Cellular Bridge is a 5G/4G mobile network wireless bridge device from HPE America. A security vulnerability exists in the HPE Aruba Networking 100 Series Cellular Bridge that stems from a command injection vulnerability in the command line interface that could...
PT-2025-47391
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking Airwave Platform (affected versions not specified). Description: A command injection issue exists in the command line interface of the HPE Aruba Networking Airwave Platform. A successful exploit allows an authenticated attacke...
Fortinet FortiExtender Security Vulnerability
Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet. The Fortinet FortiExtender suffers from a buffer overflow vulnerability that originates from buffer copying without checking the input size, which can be exploited by an attacker to cause an authenticated us...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of commandline options in src/bin.mts calls the foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...
GHSA-5J98-MCP5-4VW2 glob CLI: Command injection via -c/--cmd executes matches with shell:true
Summary The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...
glob CLI: Command injection via -c/--cmd executes matches with shell:true
Summary The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...
EUVD-2025-197818
Glob matches files using patterns the shell uses. From versions 10.3.7 to 11.0.3, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed ...
CVE-2025-64756
CVE-2025-64756 is a command-injection vulnerability in glob's -c/--cmd handling. The IBM bulletins show this CVE affecting IBM Maximo Application Suite components (e.g., Visual Inspection) and related bundles, with remediation by upgrading the affected glob component to 10.5.0 or 11.1.0 (patches ...
[SECURITY] Fedora 41 Update: xmedcon-0.25.3-1.fc41
This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...
[SECURITY] Fedora 42 Update: xmedcon-0.25.3-1.fc42
This project stands for Medical Image Conversion and is released under the GNU's LGPL license. It bundles the C source code, a library, a flexible command-line utility and a graphical front-end based on the amazing Gtk+ toolkit. Its main purpose is image conversion while preserving valuable medic...
[SECURITY] Fedora 41 Update: luksmeta-10-1.fc41
LUKSMeta is a command line utility for storing small portions of metadata in the LUKSv1 header for use before unlocking the volume...
[SECURITY] Fedora 42 Update: luksmeta-10-1.fc42
LUKSMeta is a command line utility for storing small portions of metadata in the LUKSv1 header for use before unlocking the volume...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
[SECURITY] Fedora 43 Update: gh-2.83.0-1.fc43
A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform various actions right from the command line, eliminating the need to...
EUVD-2025-180533
Malicious code in abiogenesis-cli-tachyon-miranda npm...
EUVD-2025-179649
Malicious code in command-leda-fetch-delphinus npm...
EUVD-2025-176676
Malicious code in resolvers-heliophysics-apollo-cli npm...
EUVD-2025-179712
Malicious code in cli-webdriver-manager-lint-staged-auth npm...
EUVD-2025-177452
Malicious code in oortcloud-chariklo-geoarchaeology-cli npm...
EUVD-2025-123461
Malicious code in prettier-cli-css-minimizer-webpack-plugin-node-sass npm...