Lucene search
K

569 matches found

Chainguard
Chainguard
added 5 days ago6 views

CVE-2026-28291 vulnerabilities

Vulnerabilities for packages: gemini-cli...

8.1CVSS5.9AI score0.00652EPSS
Exploits1
Chainguard
Chainguard
added 5 days ago7 views

GHSA-JCXM-M3JX-F287 vulnerabilities

Vulnerabilities for packages: gemini-cli...

5.9AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

GHSA-R275-FR43-PM7Q vulnerabilities

Vulnerabilities for packages: gemini-cli...

5.9AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

CVE-2026-28292 vulnerabilities

Vulnerabilities for packages: gemini-cli...

9.8CVSS5.9AI score0.01296EPSS
Exploits1
NVD
NVD
added 2026/06/24 2:17 p.m.19 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:37 p.m.37 views

CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:37 p.m.81 views

CVE-2026-12537

Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

10CVSS6.3AI score0.00134EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/06/24 1:37 p.m.7 views

EUVD-2026-38790

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS6.3AI score0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:37 p.m.4 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS6.3AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51788

Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...

10CVSS6.4AI score0.00134EPSS
Exploits0References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.8 views

Malicious code in @mastra/voice-google-gemini-live (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7292d326aee198d9a062ea2ac2675a0c48058faacb97aee1b862c8605b9a0658 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/12 9:36 p.m.81 views

exploitGuard

Run and deploy your AI Studio app This contains everything yo...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 6:59 p.m.19 views

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence AI agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/03 7:11 p.m.23 views

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/05/26 6:46 p.m.19 views

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning

Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/26 9:3 a.m.19 views

MAL-2026-4789 Malicious code in ggk-happy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a22c29c3d374a49fdb69fb941f2fb81e42b69006b8ed154eba8d365c755b245 ggk-happy presents itself as the slopus/happy CLI Mobile/Web client for Claude Code — author metadata, homepage happy.engineering, and repository...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:32 p.m.12 views

Malicious code in edison-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/25 10:32 p.m.29 views

MAL-2026-4747 Malicious code in edison-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...

5.8AI score
Exploits0References5
HackRead
HackRead
added 2026/05/21 4:3 p.m.15 views

Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds

Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers...

5.8AI score
Exploits0
Rows per page
Query Builder