Lucene search
K

8087 matches found

CVE
CVE
added 2026/06/24 1:37 p.m.81 views

CVE-2026-12537

Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

10CVSS6.3AI score0.00134EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/06/24 1:37 p.m.7 views

EUVD-2026-38790

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS6.3AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51788

Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...

10CVSS6.4AI score0.00134EPSS
Exploits0References11
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.6 views

CVE-2026-53492 vulnerabilities

Vulnerabilities for packages: kaniko, datadog-agent-fips, rancher-helm, envoy-gateway, amazon-ecs-agent-fips, linkerd2, xeol-fips, buildkitd, kots, syft-fips, cluster-api-helm-controller-fips, teleport, eksctl, spegel, syft, trivy-fips, gitlab-rails-ce-fips, neuvector-scanner-fips,...

9.6CVSS6.1AI score0.00412EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.9 views

CVE-2026-50195 vulnerabilities

Vulnerabilities for packages: kaniko, datadog-agent-fips, rancher-helm, envoy-gateway, amazon-ecs-agent-fips, linkerd2, xeol-fips, buildkitd, kots, syft-fips, cluster-api-helm-controller-fips, teleport, eksctl, spegel, syft, trivy-fips, gitlab-rails-ce-fips, neuvector-scanner-fips,...

9.9CVSS6.1AI score0.00354EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.6 views

CVE-2026-53489 vulnerabilities

Vulnerabilities for packages: kaniko, datadog-agent-fips, rancher-helm, envoy-gateway, amazon-ecs-agent-fips, linkerd2, xeol-fips, buildkitd, kots, syft-fips, cluster-api-helm-controller-fips, teleport, eksctl, spegel, syft, trivy-fips, gitlab-rails-ce-fips, neuvector-scanner-fips,...

8.2CVSS6.1AI score0.00208EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.10 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: kaniko, datadog-agent-fips, rancher-helm, envoy-gateway, amazon-ecs-agent-fips, linkerd2, xeol-fips, buildkitd, kots, syft-fips, cluster-api-helm-controller-fips, teleport, eksctl, spegel, syft, trivy-fips, gitlab-rails-ce-fips, neuvector-scanner-fips,...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/22 9:42 p.m.5 views

CSV Injection

Overview @actual-app/cli is a CLI for Actual Budget Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 4:16 p.m.32 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:16 p.m.24 views

CVE-2026-54271

The CVE-2026-54271 entry concerns protobufjs-cli (pbjs) static code generation, where insecure handling of pre-parsed JSON descriptors could lead to attacker-controlled JavaScript in generated output. Concrete details across connected sources show that protobufjs-cli versions prior to the fixed r...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51447

Name of the Vulnerable Software and Affected Versions @actual-app/cli versions prior to 26.6.0 Description The @actual-app/cli tool contains a CSV serialization issue in the escapeCsv function within packages/cli/src/output.ts. When the --format csv option is used, the serializer only handles...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References7
NVD
NVD
added 2026/06/21 2:16 p.m.12 views

CVE-2026-56236

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.16 views

CVE-2026-56236

CVE-2026-56236 affects Capgo CLI prior to 12.128.2. The issue is arbitrary file overwrite in login and build credentials operations that follow symlinks without validation. An attacker can place malicious symlinks in a repository to overwrite arbitrary files or expose credentials with world-reada...

6.8CVSS6AI score0.00134EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2026-56236

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS6AI score0.00134EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.7 views

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/19 9:15 p.m.4 views

Arbitrary Code Injection

Overview @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Arbitrary Code Injection through the addVariablesToCode/makeFieldsWithInternalCode process in...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 3:0 p.m.10 views

Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

6.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/18 8:59 p.m.2 views

SUSE-SU-2026:22218-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.9AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 3:43 p.m.9 views

ROOT-APP-GOBINARY-CVE-2025-15558 CVE-2025-15558 in rootio-github.com/docker/cli - Patched by Root

Root has patched CVE-2025-15558 in the rootio-github.com/docker/cli package for Root:Go. Multiple fixed versions available...

8CVSS7.1AI score0.00472EPSS
Exploits0
CVE
CVE
added 2026/06/17 4:17 p.m.44 views

CVE-2026-20246

Summary: CVE-2026-20246 affects Cisco Umbrella Virtual Appliance. A vulnerability in the vmadmin CLI allows an authenticated, local attacker with vmadmin privileges to escalate to root by abusing certain commands at the CLI. The root-cause is insufficient validation of user-supplied commands in v...

6CVSS5.4AI score0.00104EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder