Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 3 days ago3 views

CVE-2026-54327

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only...

2.2CVSS0.00074EPSS
Exploits0References3
NVD
NVDadded 3 days ago4 views

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

7.3CVSS0.00115EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 3 days ago3 views

CVE-2026-54327

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only...

2.2CVSS5.8AI score0.00074EPSS
Exploits0References4Affected Software1
CVE
CVEadded 3 days ago10 views

CVE-2026-54327

The Pi credential storage vulnerability (CVE-2026-54327) stems from a race in the auth.json write path. Between file creation/writes and the subsequent permission tightening, auth.json could be created or rewritten with permissions derived from the process umask, briefly exposing stored API keys ...

2.2CVSS5.8AI score0.00074EPSS
Exploits0References3
Cvelist
Cvelistadded 3 days ago36 views

CVE-2026-54326 Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

2.5CVSS0.00132EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 3 days ago3 views

CVE-2026-54326

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/16 12:0 a.m.11 views

PT-2026-50182

Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.27.5 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description Pi HTML exports render session Markdown into a static HTML file but fail to consistently reject unsafe...

2.5CVSS5.9AI score0.00132EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/02/05 9:26 p.m.6 views

CVE-2022-2098

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1...

9.8CVSS6.7AI score0.00971EPSS
Exploits1References1
NVD
NVDadded 2022/06/16 10:15 a.m.20 views

CVE-2022-2098

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1...

9.8CVSS0.00971EPSS
Exploits1References2
Rows per page
Query Builder