
185 matches found

NVD | added last week | 7 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3 CVSS | 0.00278 EPSS
Exploits: 1 | References: 3

NVD | added last week | 6 views

CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8 CVSS | 0.00247 EPSS
Exploits: 0 | References: 2

Cvelist | added last week | 28 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8 CVSS | 0.00247 EPSS
Exploits: 0 | References: 2

CVE | added last week | 14 views

CVE-2026-48721

Warp: The default unsandboxed CLI agent profile uses a command denylist as a safety boundary. From 0.2025.10.08.08.12.stable_00 to 0.2026.05.06.15.42.stable_01, Warp’s command output can be influenced by environment-variable prefixes, causing denylisted commands to be treated as allowed. This byp...

8.6 CVSS | 6 AI score | 0.00145 EPSS
Exploits: 0 | References: 2

Cvelist | added last week | 33 views

CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3 CVSS | 0.00278 EPSS
Exploits: 1 | References: 3

CVE | added last week | 13 views

CVE-2026-54686

Warp: CVE-2026-54686 enables DCS lifecycle hook spoofing in Warp’s PTY stream, allowing attacker-controlled terminal output to spoof lifecycle metadata (e.g., working directory, SSH transport metadata) for active sessions. Technical details in connected PoC describe additional remote command inje...

4.3 CVSS | 5.9 AI score | 0.00278 EPSS
Exploits: 1 | References: 3

Positive Technologies | added 2026/06/24 12:0 a.m. | 6 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions: Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00
Description: A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6 CVSS | 6 AI score | 0.00145 EPSS
Exploits: 0 | References: 5

Positive Technologies | added 2026/06/04 12:0 a.m. | 12 views

PT-2026-46881

Name of the Vulnerable Software and Affected Versions: Nhost CLI affected versions not specified
Description: The hidden configserver used by nhost dev exposes the Mimir GraphQL API with permissive CORS and dummy authorization directives. This allows any process capable of reaching the developer's...

5.4 CVSS | 6 AI score | 0.00033 EPSS
Exploits: 0 | References: 7

NVD | added 2026/06/02 4:16 p.m. | 12 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8 CVSS | 0.00373 EPSS
Exploits: 0 | References: 2

Fedora | added 2026/04/25 1:55 a.m. | 8 views

[SECURITY] Fedora 44 Update: qt-creator-19.0.0-0.3.fc44

Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...

5.3 AI score
Exploits: 0

NVD | added 2026/04/22 5:16 p.m. | 9 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8 CVSS | 0.00223 EPSS
Exploits: 0 | References: 3

Wiz blog | added 2026/04/21 12:57 p.m. | 10 views

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

5.8 AI score
Exploits: 0

CVE | added 2026/03/31 12:0 a.m. | 12 views

CVE-2026-30309

InfCode's InfCode Terminal vulnerability (CVE-2026-30309) stems from a defective command filtering module in the terminal auto-execution feature. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic se...

7.8 CVSS | 6.5 AI score | 0.00297 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm News | added 2026/01/27 12:0 a.m. | 3 views

Faraday 5.19.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.9 AI score
Exploits: 0

EUVD | added 2025/12/18 3:15 p.m. | 7 views

EUVD-2025-204309

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8 CVSS | 6.2 AI score | 0.00106 EPSS
Exploits: 0 | References: 4

CNNVD | added 2025/12/18 12:0 a.m. | 4 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...

7.8 CVSS | 6.7 AI score | 0.00076 EPSS
Exploits: 0 | References: 1

OSV | added 2025/11/19 4:40 p.m. | 8 views

CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

3.5 CVSS | 6.6 AI score | 0.00424 EPSS
Exploits: 1 | References: 4

CNNVD | added 2025/11/15 12:0 a.m. | 4 views

AVEVA Application Server Security Vulnerability

AVEVA Application Server is an industrial automation real-time control platform from AVEVA UK. A security vulnerability exists in AVEVA Application Server that stems from a cross-site script injection issue in the IDE component that could lead to elevation of privilege...

7.2 CVSS | 6.7 AI score | 0.00135 EPSS
Exploits: 0 | References: 4

CVE | added 2025/11/14 11:57 p.m. | 15 views

CVE-2025-8386

CVE-2025-8386 relates to AVEVA Application Server IDE: an authenticated user with the privileges of “aaConfigTools” can tamper with App Objects’ help files to inject persistent cross-site scripting (XSS). This is described as exploitable only during config-time operations in the IDE component; run-tim...

7.2 CVSS | 5.8 AI score | 0.00135 EPSS
Exploits: 0 | References: 3

Vulnrichment | added 2025/11/14 11:57 p.m. | 2 views

CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting

The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...

7.2 CVSS | 5.8 AI score | 0.00135 EPSS
Exploits: 0 | References: 3