CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

SUSE CVE•added 2026/05/18 1:21 p.m.•9 views

SUSE CVE-2026-45803

gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS6AI score0.002EPSS

Exploits1References3

CVE•added 2026/05/15 3:26 p.m.•29 views

CVE-2026-45803

GitHub CLI (gh) vulnerability: from v1.6.0 to before v2.92.0, terminal escape sequences could be injected via workflow logs when using gh run view --log or --log-failed, due to unsanitized raw log output. An attacker controlling Actions logs (e.g., PR-triggered workflows) could cause terminal man...

3.5CVSS6AI score0.002EPSS

Exploits1References1Affected Software1

Snyk•added 2026/04/10 5:8 p.m.•2 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the ForwardToWall process. An attacker can inject ANSI escape sequences into user terminals by executing a logger -p emerg command when the relevant configuration is enabled. This is only...

3.3CVSS5.8AI score0.00173EPSS

Exploits1References2

Snyk•added 2026/03/29 3:50 p.m.•4 views

Improper Neutralization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...

5.3CVSS5.9AI score0.0026EPSS

Exploits0References3

CVE•added 2026/02/12 8:6 p.m.•13 views

CVE-2026-25996

CVE-2026-25996 affects Inspektor Gadget. The vulnerability arises because string fields from eBPF events in the columns output mode are rendered to the terminal without sanitizing control characters or ANSI escape sequences, enabling injection via crafted event payloads. Affected surface includes...

9.8CVSS5.6AI score0.0056EPSS

Exploits1References3Affected Software1

Tenable Nessus•added 2026/01/16 12:0 a.m.•5 views

MiracleLinux 7 : ruby-2.0.0.648-35.0.1.el7.AXS7 (AXSA:2019-3890:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3890:02 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 rubygems: Escape sequence injection vulnerability in gem own...

8.8CVSS7.6AI score0.03372EPSS

Exploits0References5

OSV•added 2025/11/24 6:27 p.m.•5 views

MGASA-2025-0311 Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

7.5CVSS7.1AI score0.01095EPSS

Exploits1References3

Mageia•added 2025/11/24 6:27 p.m.•28 views

Updated ruby-rack packages fix security vulnerabilities

7.5CVSS6.9AI score0.01095EPSS

Exploits1References2

OSV•added 2025/11/04 3:11 p.m.•5 views

CLSA-2025-1762269073 Fix CVE(s): CVE-2018-1000500, CVE-2022-28391, CVE-2023-39810

SECURITY UPDATE: missing SSL certificate validation vulnerability in wget - debian/patches/CVE-2018-1000500-1.patch: implement TLS verification with CENABLEFEATUREWGETOPENSSL - debian/patches/CVE 2018-1000500-2.patch: fix openssl options for cert verification - CVE-2018-1000500 SECURITY UPDATE:...

8.8CVSS5.8AI score0.03505EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-0533

Malware in sbrugna...

7.5CVSS6.5AI score0.03372EPSS

Exploits0References18

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0493

Malware in sbrugna...

7.5CVSS6.5AI score0.03372EPSS

Exploits0References19

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-0550

Malware in sbrugna...

7.5CVSS6.5AI score0.03372EPSS

Exploits0References19

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-3906

Malware in sbrugna...

6.8CVSS6.4AI score0.01786EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0502

Malware in sbrugna...

7.5CVSS6.5AI score0.03372EPSS

Exploits0References19

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-7331

Malware in sbrugna...

5.3CVSS5.6AI score0.00784EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-2613

Malicious code in bioql PyPI...

10CVSS9.3AI score0.04581EPSS

Exploits0References8

Tenable Nessus•added 2025/09/03 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-58160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber wa...

2.3CVSS5.8AI score0.00303EPSS

Exploits0References4

CNNVD•added 2025/08/29 12:0 a.m.•2 views

tracing 安全漏洞

tracing is an open source application from Tokio. A security vulnerability exists in tracing versions prior to 0.3.20, which stems from ANSI escape sequence injection and could lead to endpoint manipulation...

2.3CVSS6.7AI score0.00303EPSS

Exploits0References3

Tenable Nessus•added 2025/08/21 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2019-8321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is...

7.5CVSS6.6AI score0.03372EPSS

Exploits0References2