
7991 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-37373

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported version that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...

CVSS 6.6, AI score 6, EPSS 0.00182
Exploits: 0, References: 2
vulnersOsv
added 2026/05/05 5:31 p.m., 4 views

@knocklabs/client (>=0.21.6 <=0.21.13), @knocklabs/expo (>=0.5.0 <=0.6.7) +8 more potentially affected by CVE-2026-32689 via phoenix (>=1.8.0 <=1.8.5)

phoenix NPM version =1.8.0, =0.21.6, =0.5.0, =0.1.0, =0.1.1, =0.1.1, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =2.1.8, =2.4.0 Source cves: CVE-2026-32689 Source advisory: SNYK:JS-PHOENIX-16425773...

CVSS 8.7, AI score 5.8, EPSS 0.00469
Exploits: 0
Positive Technologies
added 2026/05/05 12:0 a.m., 12 views

PT-2026-37362

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.1, EPSS 0.00451
Exploits: 2, References: 2
OSV
added 2026/05/05 12:0 a.m., 4 views

OPENSUSE-SU-2026:10688-1 cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.1, EPSS 0.00451
Exploits: 2, References: 1
vulnersOsv
added 2026/05/04 9:28 p.m., 5 views

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @evertondgn/polyhive-cli (=0.1.62) +5 more potentially affected by CVE-2026-6321 via fast-uri (>=3.0.1 <=3.1.0)

fast-uri NPM version =3.0.1, =0.3.1, =5.4.3, =1.0.0, =1.0.0, =2.2.0, =2.3.1 Source cves: CVE-2026-6321 Source advisory: SNYK:JS-FASTURI-16642399...

CVSS 7.5, AI score 5.8, EPSS 0.00397
Exploits: 0
vulnersOsv
added 2026/05/04 6:27 p.m., 4 views

org.apache.opennlp:opennlp-cli (>=3.0.0-M1 <=3.0.0-M2), org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) +6 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-runtime (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-runtime MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419378...

CVSS 9.1, AI score 5.8, EPSS 0.00403
Exploits: 0
AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux – Vulnerability in docker.io

Docker CLI is the command-line interface for the Docker container runtime. A bug was discovered in Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json, which lists a credsStore or credhelpers that cannot be...

CVSS 7.5, AI score 6.3, EPSS 0.01536
Exploits: 0, References: 2
NVD
added 2026/05/01 5:16 a.m., 2 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

CVSS 9.8, EPSS 0.00306
Exploits: 0, References: 1
CVE
added 2026/05/01 4:6 a.m., 15 views

CVE-2026-42994

CVE-2026-42994 concerns Bitwarden CLI 2026.4.0 (released around 2026-04-22) when obtained from npm, which reportedly contained embedded malicious code as part of a Checkmarx supply chain incident. Public documents identify the affected software and the malicious supply chain context, but do not p...

CVSS 9.8, AI score 5.2, EPSS 0.00306
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/05/01 4:6 a.m., 34 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

CVSS 8.8, EPSS 0.00306
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/01 4:6 a.m., 0 views

CVE-2026-42994

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

CVSS 8.8, AI score 5.2, EPSS 0.00306
Exploits: 0, References: 2, Affected Software: 1
Fedora
added 2026/05/01 3:12 a.m., 12 views

[SECURITY] Fedora 44 Update: jfrog-cli-2.98.0-1.fc44

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products...

CVSS 7.5, AI score 5.3, EPSS 0.00542
Exploits: 3
Tenable Nessus
added 2026/05/01 12:0 a.m., 5 views

Fedora 44 : jfrog-cli (2026-6b87863841)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6b87863841 advisory. Upstream release 2.98.0. https://github.com/jfrog/jfrog-cli/releases/tag/v2.98.0 Resolves the following security issues: CVE-2025-11579 CVE-2025-665...

CVSS 7.5, AI score 6.9, EPSS 0.00542
Exploits: 3, References: 13
vulnersOsv
added 2026/04/30 6:20 p.m., 12 views

@unhook/cli (>=0.9.3 <=0.15.0) potentially affected by CVE-2026-42349 via @clerk/backend (>=2.0.0 <=2.29.3)

@clerk/backend NPM version =2.0.0, =0.9.3, =0.15.0 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

CVSS 8.1, AI score 5.8, EPSS 0.00246
Exploits: 0
vulnersOsv
added 2026/04/30 6:20 p.m., 7 views

@unhook/cli (>=0.8.0 <=0.15.0) potentially affected by CVE-2026-42349 via @clerk/express (>=1.5.0 <=1.7.63)

@clerk/express NPM version =1.5.0, =0.8.0, =0.15.0 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

CVSS 8.1, AI score 5.8, EPSS 0.00246
Exploits: 0
OSV
added 2026/04/30 4:32 p.m., 2 views

CLSA-2026-1777566732 Fix CVE(s): CVE-2018-10841

SECURITY UPDATE: privilege escalation on glusterd nodes via the CLI RPC program being exposed on the TCP listener when management-plane SSL is enabled, allowing a TLS-authenticated client outside the trusted storage pool to issue privileged volume-management commands via gluster --remote-host -...

CVSS 8.8, AI score 6.9, EPSS 0.01284
Exploits: 0, References: 1
The Hacker News
added 2026/04/30 7:7 a.m., 4 views

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...

CVSS 9.9, AI score 7, EPSS 0.00483
Exploits: 0
Fedora
added 2026/04/30 1:30 a.m., 2 views

[SECURITY] Fedora 42 Update: podman-5.8.2-1.fc42

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 7.5, AI score 6.2, EPSS 0.00274
Exploits: 0
vulnersOsv
added 2026/04/29 12:33 p.m., 14 views

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

CVSS 3.1, AI score 5.4, EPSS 0.00236
Exploits: 0
Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Juniper Junos OS Vulnerability (JSA96462)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96462 advisory. - An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilege...

CVSS 6.8, AI score 5.9, EPSS 0.00133
Exploits: 0, References: 2