@saltcorn/cli (>=1.0.0 <=1.4.4), @saltcorn/mobile-builder (>=1.0.0 <=1.4.4) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.0.0-beta.1 <=1.4.4)

@saltcorn/server NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.4 Source cves: CVE-2026-40163 Source advisory: SNYK:JS-SALTCORNSERVER-15990855...

@christianhugo/mobile-builder (>=0.7.3-beta.3 <=0.7.4-beta.9), @christianhugoch/cli (>=0.7.2-beta.12 <=0.7.2-beta.13) +4 more potentially affected by CVE-2026-40163 via @saltcorn/server (>=0.0.2 <=1.4.4)

@saltcorn/server NPM version =0.0.2, =0.7.3-beta.3, =0.7.2-beta.12, =0.0.2, =0.7.2, =0.0.2, =0.2.3-beta.2 Source cves: CVE-2026-40163 Source advisory: OSV:GHSA-32PV-MPQG-H292...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.3), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.3) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.3 Source cves: CVE-2026-40163 Source advisory: OSV:GHSA-32PV-MPQG-H292...

CVE-2026-35659

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...

CVE-2026-35659 OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...

@cedarjs/api-server (>=1.0.0-canary.12863 <=9.0.0-canary.1784), @cedarjs/cli (>=1.0.0-canary.12863 <=9.0.0-canary.1784) +12 more potentially affected by CVE-2026-23869 via react-server-dom-webpack (>=19.2.1 <=19.2.4)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =3.0.0-canary.13429, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

EUVD-2026-21196

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...

PT-2026-31970

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...

OPENSUSE-SU-2026:10529-1 tekton-cli-0.44.1-1.1 on GA media

These are all security issues fixed in the tekton-cli-0.44.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-33791

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

CVE-2026-33791 Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

CVE-2026-33776

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...

CVE-2026-33776 Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will expose sensitive...

CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: kube-arangodb, amazon-cloudwatch-agent, kubescape-operator, pulumi-language-dotnet, caddy, harbor, percona-server-mongodb-operator, kube-vip-cloud-provider, apisix-ingress-controller, opentelemetry-operator, cluster-api-helm-controller,...

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +109 more potentially affected by CVE-2026-34945 via wasmtime (>=0.10.0 <=2.0.2)

wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.44.0 and more Source cves: CVE-2026-34945 Source advisory: OSV:RUSTSEC-2026-0086...

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +109 more potentially affected by CVE-2026-34988 via wasmtime (>=0.10.0 <=2.0.2)

wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.44.0 and more Source cves: CVE-2026-34988 Source advisory: OSV:RUSTSEC-2026-0088...

CVE-2026-39410 vulnerabilities

Vulnerabilities for packages: librechat, kibana, opensearch-dashboards, langfuse, opensearch-dashboards-fips, langfuse-fips, gemini-cli...

GHSA-26PP-8WGV-HJVM vulnerabilities

Vulnerabilities for packages: librechat, kibana, opensearch-dashboards, langfuse, opensearch-dashboards-fips, langfuse-fips, gemini-cli...