CVE-2026-22812

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

CVE-2026-22812 OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process or any website via permissive CORS to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216...

opencode 安全漏洞

opencode is an AI programming intelligence open-sourced by Anomaly. A security vulnerability exists in versions prior to opencode 1.0.216, which stems from automatically launching an unauthenticated HTTP server and could lead to the execution of arbitrary shell commands...

WordPress Rank Math SEO plugin <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'titleWrapper' vulnerability discovered by wesley wcraft in WordPress Plugin Rank Math SEO versions = 1.0.216...

PT-2024-27106 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO with AI SEO Tools plugin for WordPress versions up to, and including, 1.0.216 Description: The issue is related to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets due to insufficient input sanitization and...