Lucene search

7991 matches found

CVE
added 2026/03/11 4:31 p.m., 12 views

CVE-2026-20046

CVE-2026-20046 affects Cisco IOS XR Software. The vulnerability stems from an incorrect mapping of a CLI command to task groups, allowing an authenticated, low-privileged local attacker to bypass task group checks and elevate privileges to full administrative control. Impact stated as privilege e...

CVSS 8.8, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 1

OSV
added 2026/03/11 3:33 p.m., 3 views

GHSA-VV3H-7QWR-722V Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

CVSS 3.6, AI score 5.8, EPSS 0.00107
Exploits: 0, References: 6

EUVD
added 2026/03/11 6:31 a.m., 3 views

EUVD-2026-11080

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

CVSS 8.8, AI score 5.8, EPSS 0.0055
Exploits: 0, References: 2

NVD
added 2026/03/11 4:17 a.m., 3 views

CVE-2026-23816

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, EPSS 0.00671
Exploits: 0, References: 1

NVD
added 2026/03/11 4:17 a.m., 2 views

CVE-2026-23815

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...

CVSS 7.2, EPSS 0.00938
Exploits: 0, References: 1

Vulnrichment
added 2026/03/11 3:13 a.m., 2 views

CVE-2026-23816 Authenticated Command Injection found in admin AOS-CX CLI command

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, AI score 6.1, EPSS 0.00671
Exploits: 0, References: 1

Cvelist
added 2026/03/11 3:12 a.m., 24 views

CVE-2026-23815 Authenticated Command Injection found in AOS-CX Administrative CLI Command

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...

CVSS 7.2, EPSS 0.00938
Exploits: 0, References: 1

CVE
added 2026/03/11 3:11 a.m., 8 views

CVE-2026-23814

This CVE concerns a vulnerability in the AOS-CX CLI where command parameters can be exploited to inject malicious commands by a low-privileged, authenticated remote attacker. The issue is actionable via network access, with no user interaction required, and it affects the ability to maintain conf...

CVSS 8.8, AI score 5.8, EPSS 0.0055
Exploits: 0, References: 1

Cvelist
added 2026/03/11 3:11 a.m., 27 views

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

CVSS 8.8, EPSS 0.0055
Exploits: 0, References: 1

Vulnrichment
added 2026/03/11 3:11 a.m., 5 views

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

CVSS 8.8, AI score 5.8, EPSS 0.0055
Exploits: 0, References: 1

OSV
added 2026/03/11 12:38 a.m., 5 views

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

CVSS 5.5, AI score 5.9, EPSS 0.001
Exploits: 0, References: 6

Positive Technologies
added 2026/03/11 12:00 a.m., 1 view

PT-2026-24753

Summary Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to execute arbitrary OS commands. Details The claudecodeui application provides Git integration through various API...

CVSS 9.1, AI score 6.3, EPSS 0.00437
Exploits: 0, References: 14

Positive Technologies
added 2026/03/11 12:00 a.m., 5 views

PT-2026-24693

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cve claudecodeui submission v2.zip  Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions ...

CVSS 8.7, AI score 6.2, EPSS 0.03433
Exploits: 1, References: 11

Positive Technologies
added 2026/03/11 12:00 a.m., 3 views

PT-2026-24729

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...

CVSS 8.8, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 10

CNNVD
added 2026/03/11 12:00 a.m., 3 views

Cloud CLI code injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...

CVSS 8.8, AI score 6, EPSS 0.06034
Exploits: 1, References: 3

CNNVD
added 2026/03/11 12:00 a.m., 2 views

Cloud CLI operating system command injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the use of string interpolation for user input across...

CVSS 9.1, AI score 5.9, EPSS 0.00437
Exploits: 0, References: 2

CNNVD
added 2026/03/11 12:00 a.m., 4 views

Cloud CLI operating system command injection vulnerability

Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.25.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the projectPath and initialCommand parameters in the...

CVSS 9.8, AI score 5.8, EPSS 0.03433
Exploits: 1, References: 3

CBLMariner
added 2026/03/10 10:56 p.m., 4 views

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00357
Exploits: 0

CBLMariner
added 2026/03/10 10:56 p.m., 4 views

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00332
Exploits: 0

CBLMariner
added 2026/03/10 10:56 p.m., 5 views

CVE-2025-47911 affecting package cf-cli for versions less than 8.7.11-5

CVE-2025-47911 affecting package cf-cli for versions less than 8.7.11-5. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00502
Exploits: 0