Lucene search
K

4731 matches found

OSV
OSV
added 2026/06/18 4:5 p.m.8 views

USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS6AI score0.00303EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.9 views

Vim < 9.2.0565 Out-of-Bounds Read (GHSA-47gw-8gc3-mgcm)

The version of Vim installed on the remote host is prior to 9.2.0565. It is, therefore, affected by a vulnerability as referenced in the GHSA-47gw-8gc3-mgcm advisory. - The updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is...

8.2CVSS6.1AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 7:18 p.m.11 views

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS0.006EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/17 5:55 p.m.10 views

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Summary The terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal server can craft path values...

7.7CVSS5.5AI score0.00349EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50589

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...

7.7CVSS5.9AI score0.00349EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:3 a.m.11 views

Malicious code in terminal-pretty-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab5f2a4118b739df793ebe9fc8d0a2bcf9716ab9f610cbf6a6c70c45643997b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:3 a.m.10 views

Malicious code in terminal-structured-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14080e4c54ea68f090ab98ee4eb27c7e987fe2d5e7ed6c5bb37ed89504a43099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.10 views

SUSE CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.6 views

SUSE CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/15 1:20 a.m.11 views

SUSE CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.8CVSS5.2AI score0.00166EPSS
Exploits1References3
Fedora
Fedora
added 2026/06/15 12:51 a.m.11 views

[SECURITY] Fedora 44 Update: gh-2.94.0-1.fc44

A command-line interface to GitHub for use in your terminal or your scripts. gh is a tool designed to enhance your workflow when working with GitHub. It provides a seamless way to interact with GitHub repositories and perform vari ous actions right from the command line, eliminating the need to...

5.5CVSS5.4AI score0.002EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:1 a.m.26 views

Vim: Out-of-bounds Read in Terminal Screen Snapshot

...

8.2CVSS5.3AI score0.00303EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.16 views

CVE-2026-54055

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, specifically a child process running within the terminal, can exploit a Time-of-Check-Time-of-Use TOCTOU race condition in the file transmission protocol. This allows the attacker to create a symbolic link between a...

5CVSS5AI score0.00072EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00166EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.20 views

CVE-2026-54056

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker can exploit a vulnerability in the kitten dnd feature by sending a specially crafted drag-and-drop request. This allows the attacker to overwrite or truncate arbitrary files on the local system that are writable by...

7.6CVSS5AI score0.00268EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.12 views

CVE-2026-42851

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, or a remote attacker who can control output displayed in the terminal, could exploit this vulnerability. By sending specially crafted input to the terminal, the attacker can cause Kitty to execute arbitrary Python...

7.8CVSS5.8AI score0.00164EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.15 views

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

8.8CVSS5.6AI score0.00287EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, includin...

7.8CVSS5.9AI score0.00166EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

5CVSS6AI score0.00072EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 9:16 p.m.8 views

CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.8CVSS0.00166EPSS
Exploits1References1
Rows per page
Query Builder