
7887 matches found

Cvelist
added 2026/05/13 3:45 p.m. | 25 views

CVE-2026-45033 GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

CVSS 8.5 | EPSS 0.00013
Exploits: 1 | References: 1
CVE
added 2026/05/13 3:36 p.m. | 4 views

CVE-2026-44479

CVE-2026-44479 affects Vercel’s AI Cloud CLI between versions 50.16.0 and 52.0.0. In non-interactive mode, commands that cannot complete autonomously emit JSON payloads with follow-up commands, and if a token is supplied on the CLI (via --token/-t), the token value is included verbatim in those s...

CVSS 5.5 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 1 | Affected Software: 1
Circl
added 2026/05/13 3:20 p.m. | 2 views

CVE-2026-45803

creationtimestamp | type | source
---|---|---
2026-05-13 15:20:46+00:00 | published-proof-of-concept | https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57...

CVSS 3.5 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/13 2:50 p.m. | 3 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/05/13 2:50 p.m. | 25 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVSS 8.7 | EPSS 0.00034
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:49 p.m. | 9 views

CVE-2026-42290

Summary: The vulnerability affects protobufjs-cli’s pbts command. In versions before 1.2.1 and 2.0.2, pbts builds a shell command string from input file paths and runs it via child_process.exec, allowing file paths containing shell metacharacters to be interpreted by the shell. This can enable OS...

CVSS 7.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/13 2:49 p.m. | 25 views

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CVSS 7.8 | EPSS 0.00022
Exploits: 0 | References: 1
vulnersOsv
added 2026/05/13 1:36 a.m. | 6 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted:
- apheris-auth =0.23.0
- apheris-cli =0.51.0
- fittrackee =1.3.0b1, =1.3.0b3
Source cves: CVE-2026-44681
Source advisory: OSV:GHSA-R95X-QFJJ-FJJ2...

AI score 5.8 | EPSS 0.0004
Exploits: 1
vulnersOsv
added 2026/05/13 1:36 a.m. | 3 views

apheris-auth (=0.23.0), apheris-cli (=0.51.0) +1 more potentially affected by CVE-2026-44681 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted:
- apheris-auth =0.23.0
- apheris-cli =0.51.0
- fittrackee =1.3.0b1, =1.3.0b3
Source cves: CVE-2026-44681
Source advisory: SNYK:PYTHON-AUTHLIB-16643...

AI score 5.8 | EPSS 0.0004
Exploits: 1
EUVD
added 2026/05/13 12:48 a.m. | 10 views

EUVD-2026-29849

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 7.2 | AI score 6.1 | EPSS 0.00078
Exploits: 0 | References: 2
OSV
added 2026/05/13 12:00 a.m. | 5 views

MAL-2026-3652 Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

AI score 5.9
Exploits: 0 | References: 2
OSV
added 2026/05/13 12:00 a.m. | 2 views

OPENSUSE-SU-2026:10776-1 tekton-cli-0.45.0-1.1 on GA media

These are all security issues fixed in the tekton-cli-0.45.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.3 | EPSS 0.00044
Exploits: 0 | References: 1
OSV
added 2026/05/13 12:00 a.m. | 1 view

OPENSUSE-SU-2026:10769-1 flux2-cli-2.8.7-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.7-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 1
NVD
added 2026/05/12 10:16 p.m. | 8 views

CVE-2026-44871

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 8.8 | EPSS 0.00078
Exploits: 0 | References: 1
Cvelist
added 2026/05/12 9:06 p.m. | 28 views

CVE-2026-44871 Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 7.2 | EPSS 0.00078
Exploits: 0 | References: 1
NVD
added 2026/05/12 8:16 p.m. | 8 views

CVE-2026-44870

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 8.8 | EPSS 0.0021
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/12 7:16 p.m. | 7 views

CVE-2026-44870 Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 7.2 | AI score 6.1 | EPSS 0.0021
Exploits: 0 | References: 1
CVE
added 2026/05/12 7:16 p.m. | 6 views

CVE-2026-44870

CVE-2026-44870 involves command injection vulnerabilities in the CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 operating systems. The underlying cause is insecure handling in the CLI component that allows an authenticated remote attacker to execute arbitrary commands on the underl...

CVSS 8.8 | AI score 6.1 | EPSS 0.0021
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/05/12 7:16 p.m. | 2 views

MAL-2026-3685 Malicious code in always-updates (PyPI)

Source: amazon-inspector dee16a964c16035579f7be2f965a801f87876080603f389e1e75ec3073bd5c2c The package's sole advertised CLI aupd, registered as a console_scripts entry point to alwaysupdates.main:main executes...

AI score 6.5
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/12 6:38 p.m. | 4 views

CVE-2026-23823 Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

CVSS 7.2 | AI score 6.2 | EPSS 0.00266
Exploits: 0 | References: 1