cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media (moderate)

cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media Announcement ID: openSUSE-SU-2026:10688-1 Rating: moderate Cross-References: CVE-2025-61729 CVSS scores: CVE-2025-61729 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61729 SUSE : 8.7...

CLI Proxy API 代码问题漏洞

CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise...

@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.8.0) +13 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)

@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =0.0.0-canary-7e3d07b-20260501145757, =0.24.0, =0.27.2 Source cves: CVE-2026-23870 Source advisory:...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

CVE-2026-41898 vulnerabilities

Vulnerabilities for packages: ztunnel-fips, bootc, guestproxyagent, komodo, sqlx, sdp-k8s-injector, valkey-ldap, vector, deno, rpm-sequoia, rustup, sccache, rustls-openssl-client, sentry-cli, typst...

CVE-2026-41907 vulnerabilities

Vulnerabilities for packages: kibana, wazuh-dashboard-fips, saf, wazuh-dashboard, npm, kubeflow-pipelines, actions-runner, dbgate-fips, gemini-cli, jitsucom-jitsu, opensearch-dashboards, redisinsight, prism, argo-workflows, librechat, sqlpad, kubeflow-centraldashboard, opensearch-dashboards-fips,...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: wolfictl, chainctl-fips, kubescape, nuclei, zot, grype-db, redpanda-console, syft-fips, act, cloudbeat, gitaly, zarf-fips, argo-cd-fips, steampipe, commercial-chainloop-cli, kaniko-fips, flux-image-automation-controller, xeol-fips, tfsec, gitea-fips, nemo,...

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

CVE-2026-35254

CVE-2026-35254 affects Oracle OCI CLI (Oracle Open Source Projects) with affected version 3.77. The vulnerability enables an unauthenticated, network-accessible attacker to cause Oracle OCI CLI to place imported files outside the intended directory, indicating a path traversal-like impact. CVSS3....

CVE-2026-35254

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

EUVD-2026-27534

Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...

GHSA-WPQR-6V78-JR5G vulnerabilities

Vulnerabilities for packages: gemini-cli...

PT-2026-37373

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

Oracle OCI CLI 路径遍历漏洞

Oracle OCI CLI is a cloud infrastructure management command-line tool developed by Oracle Corporation in the United States. Version 3.77 of Oracle OCI CLI contains a path traversal vulnerability. This vulnerability allows unauthorized attackers to access the system through the network, enabling...

@knocklabs/client (>=0.21.6 <=0.21.13), @knocklabs/expo (>=0.5.0 <=0.6.7) +8 more potentially affected by CVE-2026-32689 via phoenix (>=1.8.0 <=1.8.5)

phoenix NPM version =1.8.0, =0.21.6, =0.5.0, =0.1.0, =0.1.1, =0.1.1, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =2.1.8, =2.4.0 Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...

OPENSUSE-SU-2026:10688-1 cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-37362

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @evertondgn/polyhive-cli (=0.1.62) +5 more potentially affected by CVE-2026-6321 via fast-uri (>=3.0.1 <=3.1.0)

fast-uri NPM version =3.0.1, =0.3.1, =5.4.3, =1.0.0, =1.0.0, =2.2.0, =2.3.1 Source cves: CVE-2026-6321 Source advisory: SNYK:JS-FASTURI-16642399...