CVE-2025-37177

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within th...

5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +353 more potentially affected by CVE-2026-22702 via virtualenv (>=12.1.1 <=20.35.4)

virtualenv PYPI version =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.1.0, =0.0.1a0, =0.2.0, =0.6.1.91, =1.5.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =1.0.1b20240404 and more Source cves: CVE-2026-22702 Source advisory: OSV:GHSA-597G-3PHW-6986...

CVE-2026-22251

The CVE-2026-22251 entry concerns the wlc Weblate command-line client. Before version 1.17.0, wlc allowed unscoped API keys to be stored in settings, a practice that could enable an API key to be leaked to different servers. Public advisories from Debian/Ubuntu/OSV reflect this issue and referenc...

CVE-2026-22251 wlc may leak API keys due to an insecure API key configuration

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVE-2020-24855

Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

CVE-2023-45621

Unauthenticated Denial-of-Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point...

CVE-2023-45617

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI Aruba's access point management protocol. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVE-2022-42476

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

CVE-2024-39768

Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...

GHSA-RHFX-M35P-FF5J vulnerabilities

Vulnerabilities for packages: uutils, ztunnel-fips, kdash, vector, litmus, atuin, pixi, jujutsu, mise, nushell, pgcat, ztunnel, wasmcloud, yazi, sentry-cli...

Malicious code in btcli-security (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4b868f818b1a81f5fccee1967f70c3ff9d75c218d14ec09882c576a9c2c213e Package clones a legitimate bittensor-cli library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious...

MAL-2026-162 Malicious code in btcli-security (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4b868f818b1a81f5fccee1967f70c3ff9d75c218d14ec09882c576a9c2c213e Package clones a legitimate bittensor-cli library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious...

Malicious code in sparkling-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49e0e650696ea120abbbc0a198865731fbeea781cc9ee947bd39c8f7d76c4eab The package sparkling-cli was found to contain malicious code. Source: ghsa-malware 6185870baa4e15b65e8df51e713dcb6e3e54d79fd00389cfa0f86421cef94f6e...

MAL-2026-156 Malicious code in sparkling-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49e0e650696ea120abbbc0a198865731fbeea781cc9ee947bd39c8f7d76c4eab The package sparkling-cli was found to contain malicious code. Source: ghsa-malware 6185870baa4e15b65e8df51e713dcb6e3e54d79fd00389cfa0f86421cef94f6e...

EUVD-2026-1628

Malicious code in sparkling-cli npm...

ai.wanaku:cli (>=0.0.1 <=0.0.5), ai.wanaku:jbang (>=0.0.4 <=0.0.5) +296 more potentially affected by CVE-2025-66560 via io.quarkus:quarkus-rest (>=3.10.0 <=3.20.4)

io.quarkus:quarkus-rest MAVEN version =3.10.0, =0.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =3.15.3, =3.15.3, =0.2.0.0, =0.4.8.0, =1.2.1, =1.2.2, =1.2.1, =1.2.2, =1.2.1, =1.2.2, =1.2.3 and more Source cves: CVE-2025-66560 Source advisory: OSV:GHSA-5RFX-CP42-P624...