CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

CVE-2025-67601

CVE-2025-67601 – Rancher CLI TLS verification bypass : Multiple sources confirm a vulnerability in Rancher CLI login where using self-signed CA certificates with -skip-verify and without --cacert can cause the CLI to fetch CA certs from Rancher’s cacerts setting, enabling potential information ex...

CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

VulnCheck KEV: CVE-2022-20775

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted...

SUSE Rancher 信任管理问题漏洞

SUSE Rancher is a Kubernetes management platform developed by the German company SUSE. SUSE Rancher has a vulnerability related to trust management. This vulnerability arises from the use of self-signed CA certificates and the passing of the -skip-verify flag to the Rancher CLI login command...

Angular 代码问题漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions of Angular CLI prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21. These...

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVE-2026-27486

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

In yet another software supply chain attack, the open-source, artificial intelligence AI-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...

Fedora: Security Advisory (FEDORA-2026-45e69bddb9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-3beebfc8ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2026-27190 via deno (>=0.15.0 <=0.6.0)

deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2026-27190 Source advisory: OSV:GHSA-HMH4-3XVX-Q5HR...

@any-code/agent (>=0.0.1 <=0.0.16), @aweto-agent/cli (>=1.7.2 <=1.8.0) +108 more potentially affected by unknown CVE via hono (>=4.0.0 <=4.11.1)

hono NPM version =4.0.0, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.2, =1.0.0, =4.0.0-alpha.28, =1.1.54, =1.1.54, =0.1.0, =0.0.4, =0.19.0, =0.23.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-HONO-15322749...

GHSA-9PPG-JX86-FQW7 Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

Fedora 42 : azure-cli / python-azure-core (2026-3beebfc8ff)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-3beebfc8ff advisory. Update to 1.38.0 to address CVE-2026-21226 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 43 : azure-cli / python-azure-core (2026-45e69bddb9)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-45e69bddb9 advisory. Update to 1.38.0 to address CVE-2026-21226 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

RHSA-2026:2823 Red Hat Security Advisory: Updated discovery-cli release RPM versions 2.4.3

Bulletin has no description...

Important: nsight-systems-2025.5.2

Issue Overview: NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lea...

azure-cli-core-2.83.0-2.1 on GA media (moderate)

azure-cli-core-2.83.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10211-1 Rating: moderate Cross-References: CVE-2025-24049 CVSS scores: CVE-2025-24049 SUSE : 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-24049 SUSE : 8.6...