2 matches found
CVE-2026-54325
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...
PT-2025-48450
Name of the Vulnerable Software and Affected Versions OpenAI Codex CLI versions prior to 0.23.0 Description The OpenAI Codex CLI is susceptible to a command injection flaw stemming from how it processes project-local configuration files. Attackers can exploit this by placing malicious configurati...