83 matches found

CVE
added yesterday, 6 views

CVE-2026-48725

Warp exposes a vulnerability where terminal output can request access to the local clipboard via OSC 52. From build 0.2021.04.25.23.05.stable_00 up to 0.2026.05.06.15.42.stable_01, a malicious remote host or attacker-controlled terminal output source could trigger reads or writes to the user’s cl...

8.1 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/06/12 8:48 a.m., 11 views

CVE-2026-52859

A flaw was found in Vim, an open-source command-line text editor. This vulnerability allows a program displaying output in a Vim terminal window to trigger an out-of-bounds write by sending a specific byte sequence. This can lead to a crash of the Vim application, resulting in a Denial of Service...

8.2 CVSS, 5.2 AI score, 0.00303 EPSS
Exploits: 0, References: 6
OSV
added 2026/05/26 2:33 p.m., 4 views

JLSEC-2026-528

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output...

8.8 CVSS, 5.8 AI score, 0.00679 EPSS
Exploits: 1, References: 8
Positive Technologies
added 2026/05/26 12:0 a.m., 6 views

PT-2026-47004

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output...

5.5 AI score
Exploits: 0, References: 5
Cvelist
added 2026/05/15 4:40 p.m., 43 views

CVE-2026-45037 Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1 CVSS, 0.00137 EPSS
Exploits: 0, References: 1
Snyk
added 2026/05/11 2:43 p.m., 12 views

Improper Encoding or Escaping of Output

Overview: guarddog (GuardDog) is a CLI tool to identify malicious PyPI packages. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the process that renders human-readable scan results, which includes attacker-controlled values such as filenames, file...

5 CVSS, 5.9 AI score, 0.00113 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2026/04/16 11:28 p.m., 2 views

SUSE CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 3
EUVD
added 2026/04/16 3:31 a.m., 5 views

EUVD-2026-23147

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 3
AlpineLinux
added 2026/04/16 1:20 a.m., 11 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/16 1:20 a.m., 5 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 5
CVE
added 2026/04/16 1:20 a.m., 17 views

CVE-2026-40505

Technical details (affected product versions, root-cause specifics, and remediation steps) are not publicly provided in the supplied documents. The sources reiterate a MuPDF mutool PDF-metadata sanitization issue but do not include concrete technical specifics.

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/04/16 1:20 a.m., 33 views

CVE-2026-40505 MuPDF < 1.27 mutool ANSI Injection via Metadata

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS, 0.00166 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/04/16 1:20 a.m., 2 views

CVE-2026-40505 MuPDF mutool ANSI Injection via Metadata

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 2
Debian CVE
added 2026/04/16 1:20 a.m., 1 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS, 5.5 AI score, 0.00166 EPSS
Exploits: 0
Positive Technologies
added 2026/04/16 12:0 a.m., 8 views

PT-2026-33222

Name of the Vulnerable Software and Affected Versions: MuPDF mutool (affected versions not specified). Description: MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...

4.8 CVSS, 5.9 AI score, 0.00166 EPSS
Exploits: 0, References: 14
CNNVD
added 2026/04/10 12:0 a.m., 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions 2026.2.13 to 2026.3.24 of OpenClaw contained security vulnerabilities. These vulnerabilities were caused by ANSI escape sequence injections in the approval prompts, which could allow attackers to forge...

5.3 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 3
EUVD
added 2026/03/26 6:31 p.m., 2 views

EUVD-2026-16234

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28419

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.10; Mattermost versions 11.2.x through 11.2.2; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The software does not properly sanitize user-controlled post...

8 CVSS, 5.9 AI score, 0.00268 EPSS
Exploits: 0, References: 3
SUSE Linux
added 2026/03/20 7:46 a.m., 8 views

Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768 Patch Instructions: To install this SUSE update use the SUSE recommended...

3.3 CVSS, 5.8 AI score, 0.00405 EPSS
Exploits: 0, References: 4
OSV
added 2026/03/20 7:46 a.m., 2 views

SUSE-SU-2026:0935-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768...

5.3 CVSS, 5.9 AI score, 0.00405 EPSS
Exploits: 0, References: 3