834 matches found
CVE-2025-71316
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...
EUVD-2025-210067
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...
PT-2026-46313
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...
TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis
Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...
Astra Linux - уязвимость в tomcat9
A flaw in Apache Tomcat allows improper neutralization of escape, meta, or control sequences. Tomcat does not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, an attacker could use a...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
CVE-2026-47090
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...
CVE-2026-47090
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...
CVE-2026-47090
Claude HUD up to version 0.0.12 is affected by a terminal-injection vulnerability in OSC 8 hyperlink handling. The root cause is constructing OSC 8 sequences from raw cwd and branchUrl values without stripping control characters or encoding embedded values, enabling injection of ANSI codes into t...
EUVD-2026-30801
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...
CVE-2026-47090 Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks
Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...
Claude HUD 安全漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...
PT-2026-41730
Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description The software constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values. This allows attackers t...
Flawfinder-ANSI-Exploit-POC
Flawfinder-ANSI-Exploit-POC In version 2.0.19 of Flawfinder, n...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021309)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021309 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...
openSUSE 16 Security Update : php-composer2 (openSUSE-SU-2026:20670-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20670-1 advisory. - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources...
OPENSUSE-SU-2026:20670-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources bsc1255768. - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definiti...
SUSE-SU-2026:21542-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources bsc1255768. - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definiti...
CLSA-2026-1776163133 tomcat: Fix of 3 CVEs
CVE-2024-52316: fix unchecked error condition in Jakarta Authentication JASPIC ServerAuthContext - CVE-2025-46701: fix case sensitivity bypass in CGI servlet pathInfo - CVE-2025-55754: add escaping to logging output for ANSI sequences...