| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40602 | hass-cli: Handling of user-supplied Jinja2 templates | home-assistant-ecosystem | home-assistant-cli | Medium | 5.6 | 2026-04-21 17:40:10 | Deep Dive |
| CVE-2026-6442 | Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface | Snowflake | Cortex Code CLI | High | 8.3 | 2026-04-16 18:43:21 | Deep Dive |
| CVE-2026-33397 | Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass | angular | angular-cli | Medium | - | 2026-03-26 13:46:16 | Deep Dive |
| CVE-2026-29066 | Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI | @tinacms | cli | Medium | 6.2 | 2026-03-12 16:57:41 | Deep Dive |
| CVE-2026-28793 | Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS | @tinacms | cli | High | 8.4 | 2026-03-12 16:50:20 | Deep Dive |
| CVE-2026-28792 | Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS | @tinacms | cli | Critical | 9.6 | 2026-03-12 16:48:16 | Deep Dive |
| CVE-2026-31863 | Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart | anyproto | anytype-heart | Low | 3.6 | 2026-03-11 17:43:08 | Deep Dive |
| CVE-2026-29783 | GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution | github | copilot-cli | High | - | 2026-03-06 16:39:27 | Deep Dive |
| CVE-2025-15558 | Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | Docker | Docker CLI | High | - | 2026-03-04 16:14:32 | Deep Dive |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline | angular | angular-cli | - | - | 2026-02-25 16:47:30 | Deep Dive |
| CVE-2026-27738 | Angular SSR has an Open Redirect via X-Forwarded-Prefix | angular | angular-cli | - | - | 2026-02-25 16:40:45 | Deep Dive |
| CVE-2026-25918 | unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command) | RageAgainstThePixel | unity-cli | - | - | 2026-02-09 21:29:56 | Deep Dive |
| CVE-2026-0775 | npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability | npm | cli | High | - | 2026-01-23 03:29:15 | Deep Dive |
| CVE-2026-22718 | Command injection vulnerability | Spring | CLI VSCode Extension | Medium | 6.8 | 2026-01-14 05:10:58 | Deep Dive |
| CVE-2025-11202 | win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability | win-cli-mcp-server | win-cli-mcp-server | - | - | 2025-10-29 19:36:40 | Deep Dive |
| CVE-2025-64140 | Jenkins Azure CLI Plugin Security Vulnerability | Jenkins Project | Jenkins Azure CLI Plugin | - | - | 2025-10-29 13:29:46 | Deep Dive |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR | angular | angular-cli | - | - | 2025-10-16 18:50:12 | Deep Dive |
| CVE-2025-9844 | Salesforce CLI Security Vulnerability | Salesforce | Salesforce CLI | - | - | 2025-09-23 13:11:32 | Deep Dive |
| CVE-2025-9262 | wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection | wong2 | mcp-cli | Medium | 5.6 | 2025-08-20 23:02:07 | Deep Dive |
| CVE-2025-6183 | Configd Injection | StrongDM | sdm-cli | - | - | 2025-08-20 16:45:07 | Deep Dive |