CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

PT-2026-37348

Name of the Vulnerable Software and Affected Versions Oracle OCI CLI version 3.77 Description An issue in the Oracle OCI CLI product of Oracle Open Source Projects allows an unauthenticated attacker with network access to compromise the system. This flaw enables users to perform a path traversal,...

CLSA-2026-1777558504 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

CLSA-2026-1778002076 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

openssh security update

8.7p1-49.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug: 37647064 - Update upstream references Orabug: 36564626 8.7p1-49 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in...

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allows Heap-based Buffer Overflows because it mishandles the "-F’.‘” syntax on the command line. This may allow privilege escalation from any user to root. This issue occurs due to the incorrect interpretation of negative sizes in the strncpy function...

Astra Linux – Vulnerability in exim4

A use-after-free exists in Exim 4.96 through 4.98.1, which could allow users with command-line access to escalate their privileges...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. The redis-cli command-line tool and the redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This issue arises due to a vulnerability in the hiredis...

[SECURITY] Fedora 44 Update: xen-4.21.1-2.fc44

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

AutoStrike

Gemini Bug Bounty Find security vulnerabilities, get paid...

EUVD-2026-26474

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

Exploit for CVE-2026-31431

CVE-2026-31431 "Copy Fail" — Ansible Mitigation Recipe !C...

[SECURITY] Fedora 44 Update: glow-2.1.2-1.fc44

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

[SECURITY] Fedora 44 Update: vhs-0.11.0-2.fc44

Write terminal GIFs as code for integration testing and demoing your CLI tool s...

[SECURITY] Fedora 43 Update: xen-4.20.3-2.fc43

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...