EUVD-2026-30549

GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVE-2026-23821 Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)

Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

Juniper Junos OS Vulnerability (JSA96462)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96462 advisory. - An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilege...

CVE-2026-20161

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

CVE-2026-20136

CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...

PT-2026-33086

A vulnerability in the CLI of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Docker CLI (CVE-2025-15558)

Summary IBM Planning Analytics Cartridge is considered affected by a vulnerability in Docker CLI Vulnerability Details CVEID:CVE-2025-15558 DESCRIPTION: Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A...

CVE-2026-33791

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

CVE-2021-4474 Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

CVE-2026-20040

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

CVE-2026-20110

The CVE-2026-20110 affects Cisco IOS XE CLI. The issue stems from incorrect privileges tied to the start maintenance command, enabling a local, authenticated lower-privilege user to put the device into maintenance mode. This action shuts down interfaces and causes a DoS condition. Recovery is pos...

CVE-2026-22320

A stack-based buffer overflow in the CLI’s TFTP file-transfer command handling can be triggered by a low-privileged attacker with Telnet/SSH access by supplying an unexpected or oversized filename input. This memory corruption affects the internal buffer, rendering the CLI and web dashboard unava...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28793 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28793 Source advisory: OSV:GHSA-2F24-MG4X-534Q...

EUVD-2026-11214

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

CVE-2026-31975

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...

CVE-2026-20040

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...