Malicious code in @tolka/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 690527fdde65817c5fb47eeae87927130e678a6255b461b2ebfa6c0881be570f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2026-29344

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

PT-2026-40366

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

PT-2026-40431

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...

PT-2026-40367

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and is executed with unsafe exec() without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...

Hewlett Packard Enterprise ArubaOS 命令注入漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS has a command injection vulnerability, which stems from a flaw in the command-line interface. This vulnerability could allow authenticated remote...

PT-2026-40374

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

PT-2026-40365

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

PT-2026-40110

Name of the Vulnerable Software and Affected Versions FortiAP versions 7.6.0 through 7.6.2 FortiAP versions 7.4.0 through 7.4.5 FortiAP version 7.2 FortiAP version 7.0 FortiAP version 6.4 FortiAP-W2 versions 7.4.0 through 7.4.4 FortiAP-W2 version 7.2 FortiAP-W2 version 7.0 Description An OS comma...

PT-2026-40371

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

Subnet Solutions PowerSYSTEM Center 注入漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. The Subnet Solutions PowerSYSTEM Center has an injection vulnerability, which stems from CRLF injections during SMTPS communication...

PT-2026-40372

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-31217

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

PT-2026-40448

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the command line interface CLI service accessed via the PAPI protocol. An authenticated remote attacker can exploit these...

Hewlett Packard Enterprise ArubaOS 操作系统命令注入漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS has a vulnerability related to operating system command injection. This vulnerability stems from a flaw in the command-line interface, which may...

Fortinet FortiAP 操作系统命令注入漏洞

Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as versions 7.0.0 to 7.0.5 of FortiAP-U, all versions of 6.2, and...

PT-2026-40369

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...