7911 matches found

Amazon
added 2026/02/05 12:0 a.m. | 4 views

Medium: aws-nitro-enclaves-cli

Issue Overview: openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ sectio...

CVSS 3.7 | AI score 5.4 | EPSS 0.00093 | Exploits 0

Tenable Nessus
added 2026/02/05 12:0 a.m. | 3 views

Ubuntu 24.04 LTS : GitHub CLI vulnerabilities (USN-8012-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8012-1 advisory. It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An...

CVSS 6.5 | AI score 5.7 | EPSS 0.00709 | Exploits 0 | References 3

Amazon
added 2026/02/05 12:0 a.m. | 2 views

Medium: aws-nitro-enclaves-cli

Issue Overview: openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update aws-nitro-enclaves-cli --releasever 2023.10.20260202 or dnf update --advisory ALAS2023-2026-1371 --releasever 2023.10.202602...

CVSS 3.7 | AI score 5.4 | EPSS 0.00093 | Exploits 0

Tenable Nessus
added 2026/02/05 12:0 a.m. | 3 views

Amazon Linux 2 : aws-nitro-enclaves-cli, --advisory ALAS2NITRO-ENCLAVES-2026-086 (ALASNITRO-ENCLAVES-2026-086)

The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.4.4-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2026-086 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted...

CVSS 3.7 | AI score 5.5 | EPSS 0.00093 | Exploits 0 | References 4

Tenable Nessus
added 2026/02/05 12:0 a.m. | 1 views

Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2026-1371)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1371 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

CVSS 3.7 | AI score 5.4 | EPSS 0.00093 | Exploits 0 | References 4

Snyk
added 2026/02/04 8:6 p.m. | 2 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...

CVSS 8.6 | AI score 5.9 | EPSS 0.00024 | Exploits 0 | References 3

Github Security Blog
added 2026/02/04 8:6 p.m. | 8 views

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply

Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...

CVSS 8.4 | AI score 5.8 | EPSS 0.00024 | Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/02/04 8:6 p.m. | 2 views

GHSA-G55J-C2V4-PJCG OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply

Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...

CVSS 8.4 | AI score 5.9 | EPSS 0.00024 | Exploits 0 | References 3

Chainguard
added 2026/02/04 1:27 p.m. | 2 views

GHSA-434X-W66G-QW3R vulnerabilities

Vulnerabilities for packages: asciinema, linkerd2-proxy, linkerd-extension-init, atuin, zed, komodo, helix, netavark, parseable, linkerd2, qdrant, sccache, sdp-k8s-injector, linkerd-network-validator, cargo-audit, bootc, wadm, xh, garage, shadowsocks-rust, pixi, nushell, wizer, lychee, pgcat, zol...

AI score 5.4 | Exploits 0

OSV
added 2026/02/04 1:26 p.m. | 2 views

USN-8012-1 gh vulnerabilities

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00709 | Exploits 0 | References 3

Ubuntu
added 2026/02/04 1:26 p.m. | 2 views

USN-8012-1: GitHub CLI vulnerabilities

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...

CVSS 6.5 | AI score 5.5 | EPSS 0.00709 | Exploits 0

Saint
added 2026/02/04 12:0 a.m. | 65 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

CVSS 9.8 | AI score 6.1 | EPSS 0.2788 | Exploits 5

Tenable Nessus
added 2026/02/04 12:0 a.m. | 1 views

Fedora 44 : vultr-cli (2026-ce174cdc78)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce174cdc78 advisory. Automatic update for vultr-cli-3.8.0-1.fc44. Changelog Wed Feb 4 2026 Major Hayden - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure...

CVSS 5.3 | AI score 5.5 | EPSS 0.00009 | Exploits 0 | References 2

Saint
added 2026/02/04 12:0 a.m. | 119 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

CVSS 9.8 | AI score 6.2 | EPSS 0.2788 | Exploits 5

The Hacker News
added 2026/02/03 2:0 p.m. | 13 views

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...

CVSS 9.8 | AI score 6.6 | EPSS 0.2788 | Exploits 5

OSV
added 2026/02/02 9:5 p.m. | 3 views

GO-2026-4393 Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher

Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 8.3 | AI score 5.5 | EPSS 0.0001 | Exploits 0 | References 3

Github Security Blog
added 2026/02/01 5:58 p.m. | 7 views

Rancher CLI skips TLS verification on Rancher CLI login command

Impact A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

CVSS 8.3 | AI score 5.8 | EPSS 0.0001 | Exploits 0 | References 6 | Affected Software 1

OSV
added 2026/02/01 5:58 p.m. | 5 views

GHSA-MC24-7M59-4Q5P Rancher CLI skips TLS verification on Rancher CLI login command

Impact A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...

CVSS 8.3 | AI score 5.8 | EPSS 0.0001 | Exploits 0 | References 6

vulnersOsv
added 2026/01/29 3:0 p.m. | 3 views

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

CVSS 7.5 | AI score 7.4 | EPSS 0.0198 | Exploits 0

OSSF Malicious Packages
added 2026/01/27 7:59 a.m. | 4 views

Malicious code in tailwind-components-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3916984542c5471332406155adc38fde3d254e8748b6e65caa1b9680663602c The package tailwind-components-cli was found to contain malicious code. Source: ghsa-malware...

AI score 5.8 | Exploits 0 | References 1