CVE-2026-23815 Authenticated Command Injection found in AOS-CX Administrative CLI Command

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...

CVE-2026-23814

This CVE concerns a vulnerability in the AOS-CX CLI where command parameters can be exploited to inject malicious commands by a low-privileged, authenticated remote attacker. The issue is actionable via network access, with no user interaction required, and it affects the ability to maintain conf...

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

Cloud CLI 代码注入漏洞

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...

Cloud CLI 操作系统命令注入漏洞

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.25.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the projectPath and initialCommand parameters in the...

PT-2026-24693

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cve claudecodeui submission v2.zip  Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions ...

Cloud CLI 操作系统命令注入漏洞

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the use of string interpolation for user input across...

PT-2026-24753

Summary Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to execute arbitrary OS commands. Details The claudecodeui application provides Git integration through various API...

PT-2026-24729

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...

CVE-2025-47911 affecting package cf-cli for versions less than 8.7.11-5

CVE-2025-47911 affecting package cf-cli for versions less than 8.7.11-5. A patched version of the package is available...

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2. A patched version of the package is available...

EUVD-2025-208495

A cleartext storage of sensitive information vulnerability CWE-312 vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder...

GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli...

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

CVE-2025-48418

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

BIT-DOCKER-CLI-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...