Lucene search
K

809 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

0.00329EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 6 days ago11 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0
OSV
OSV
added 2026/06/28 8:44 a.m.3 views

SUSE-SU-2026:22380-1 Security update for loupe

This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/06/28 8:41 a.m.2 views

OPENSUSE-SU-2026:21074-1 Security update for loupe

This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.5AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 1:31 p.m.12 views

CVE-2026-45803

A flaw was found in GitHub CLI. A remote attacker who can influence GitHub Actions workflow log output could inject terminal escape sequences into workflow logs. When a user views these logs using gh run view --log or gh run view --log-failed, the injected sequences may be replayed by the user's...

3.5CVSS5.7AI score0.00206EPSS
Exploits1References4
NVD
NVD
added 2026/05/27 3:16 p.m.17 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:42 p.m.12 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/27 2:42 p.m.13 views

EUVD-2026-32534

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

GuardDog 安全漏洞

GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in util-linux

The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...

3.3CVSS6.6AI score0.02242EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Tomcat9

Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, thos...

9.8CVSS6.7AI score0.0418EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/19 9:11 p.m.8 views

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handlecomposecommand function. This vulnerability allows for out-of-bounds memory access, whic...

9.9CVSS6.2AI score0.00286EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/19 7:37 p.m.20 views

EUVD-2026-30549

GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...

3.5CVSS5.8AI score0.00206EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:37 p.m.15 views

GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Summary A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. Details The vulnerability stems from the way GitHub CLI handles raw Actions log...

3.5CVSS6.1AI score0.00206EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/05/19 7:16 p.m.12 views

DEBIAN-CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.8CVSS5.7AI score0.00286EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/19 6:4 p.m.13 views

EUVD-2026-30968

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9CVSS5.8AI score0.00286EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/19 6:4 p.m.15 views

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9CVSS5.8AI score0.00286EPSS
Exploits1References2
Rows per page
Query Builder