Skip to main content

Command Line Interface

6 CVEs product

Monthly

CVE-2025-15558 Go HIGH PATCH GHSA This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft Privilege Escalation
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2023-50974 LIB MEDIUM POC PATCH This Month

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Command Line Interface
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-32550 MEDIUM This Month

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 1Password 1Password In The Browser Command Line Command Line Interface +2
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-41092 Go HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-10256 CRITICAL Act Now

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface Scim
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-3781 HIGH This Week

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface
NVD
CVSS 3.1
8.8
EPSS
1.3%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Command Line Interface
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 1Password 1Password In The Browser +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface Scim
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy