CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

343 matches found

RedhatCVE•added 2026/06/05 7:43 p.m.•8 views

CVE-2026-8766

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

6.5CVSS5AI score0.00316EPSS

Exploits1References1

OSV•added 2026/05/20 9:43 a.m.•12 views

MAL-2026-4574 Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/20 9:43 a.m.•11 views

Malicious code in gm-kilo (npm)

6.2AI score

Exploits0References1

EUVD•added 2026/05/18 12:31 a.m.•14 views

EUVD-2026-30710

5.3CVSS5.4AI score0.00316EPSS

Exploits1References5

OSV•added 2026/05/18 12:31 a.m.•8 views

GHSA-RPC6-9C4P-J5CG @kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

5.3CVSS5.4AI score0.00316EPSS

Exploits1References6

NVD•added 2026/05/17 11:17 p.m.•20 views

CVE-2026-8766

6.5CVSS0.00316EPSS

Exploits1References4

ATTACKERKB•added 2026/05/17 10:15 p.m.•15 views

CVE-2026-8766

5.3CVSS5.4AI score0.00316EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/17 10:15 p.m.•41 views

CVE-2026-8766 Kilo-Org kilocode Environment Variable config.ts load information disclosure

5.3CVSS0.00316EPSS

Exploits1References4

Vulnrichment•added 2026/05/17 10:15 p.m.•13 views

CVE-2026-8766 Kilo-Org kilocode Environment Variable config.ts load information disclosure

5.3CVSS5.4AI score0.00316EPSS

Exploits1References4

CVE•added 2026/05/17 10:0 p.m.•33 views

CVE-2026-8765

The CVE-2026-8765 entry concerns Kilo-Org kilocode up to version 7.0.47. It affects the Bun.file function in packages/opencode/src/kilocode/review/worktree-diff.ts of the File Diff API Endpoint. The underlying issue is a path traversal vulnerability caused by manipulating the File argument, allow...

6.5CVSS5.5AI score0.0058EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/17 12:0 a.m.•18 views

PT-2026-41586

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...

5.3CVSS5.8AI score0.00316EPSS

Exploits1References7

CNNVD•added 2026/05/17 12:0 a.m.•25 views

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

6.5CVSS5.8AI score0.0058EPSS

Exploits1References1

CNNVD•added 2026/05/17 12:0 a.m.•9 views

Kilo Code 信息泄露漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a vulnerability known as information leakage. This vulnerability stemmed from improper handling of the parameter KILOCONFIGCONTENT in the Load function of the Environment...

6.5CVSS5.8AI score0.00316EPSS

Exploits1References1

RedhatCVE•added 2026/03/28 4:56 a.m.•4 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS6.2AI score0.01993EPSS

Exploits0References1

NVD•added 2026/03/27 4:16 p.m.•3 views

CVE-2026-30302

10CVSS0.01993EPSS

Exploits0References1

Cvelist•added 2026/03/27 12:0 a.m.•20 views

CVE-2026-30302

0.01993EPSS

Exploits0References1

ATTACKERKB•added 2026/03/27 12:0 a.m.•1 views

CVE-2026-30302

6.2AI score0.01993EPSS

Exploits0References2

CNNVD•added 2026/03/27 12:0 a.m.•9 views

GitLab CodeRider-Kilo 安全漏洞

GitLab CodeRider-Kilo is an artificial intelligence programming assistant provided by GitLab Inc. There is a security vulnerability in GitLab CodeRider-Kilo. This vulnerability stems from the command autapproval module using an incompatible command parser on the Windows platform and failing to...

10CVSS6.2AI score0.01993EPSS

Exploits0References1

Positive Technologies•added 2026/03/27 12:0 a.m.•3 views

PT-2026-28395

Name of the Vulnerable Software and Affected Versions CodeRider-Kilo affected versions not specified Description A flaw exists in the command auto-approval module of CodeRider-Kilo that bypasses its whitelist security mechanism, leading to a potential OS Command Injection. This is due to the use ...

10CVSS6.1AI score0.01993EPSS

Exploits0References3

CVE•added 2026/03/27 12:0 a.m.•7 views

CVE-2026-30302

The CVE-2026-30302 entry describes an OS Command Injection in CodeRider-Kilo’s command auto-approval module. The root cause is the use of a Unix-based shell-quote parser to analyze Windows commands and improper handling of Windows CMD escape sequences (^). Attackers can craft payloads such as git...

10CVSS6.2AI score0.01993EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by