2611 matches found
CVE-2026-47092
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...
CVE-2026-47092 Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...
CVE-2026-47092 Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...
EUVD-2026-30802
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...
EUVD-2026-30710
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
@kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
PT-2026-41732
Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...
CVE-2026-8766
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
CVE-2026-8766 Kilo-Org kilocode Environment Variable config.ts load information disclosure
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
CVE-2026-8766
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
CVE-2026-8766 Kilo-Org kilocode Environment Variable config.ts load information disclosure
A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...
CVE-2026-8766
CVE-2026-8766 affects Kilo-Org kilocode
Kilo Code 信息泄露漏洞
Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a vulnerability known as information leakage. This vulnerability stemmed from improper handling of the parameter KILOCONFIGCONTENT in the Load function of the Environment...
PT-2026-41586
Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...
Server-Side Request Forgery
magicmirror is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /cors endpoint, allowing unauthenticated attackers to force the server to make arbitrary HTTP requests to internal or external services, while environment variable expansion...
GHSA-FM77-94QM-4894 Crabbox: environment variable exposure vulnerability
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that handles environment variable allowlisting in repository-local configuration. An attacker can access sensitive environment variables, including API tokens and credentials, by forwarding them...
CVE-2026-8634
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...
CVE-2026-8634 Crabbox < v0.12.0 Environment Variable Information Disclosure
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...
CVE-2026-42281
MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...