Lucene search
K

841 matches found

EUVD
EUVD
added 2026/07/08 12:29 a.m.8 views

EUVD-2026-42150

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS6AI score0.00316EPSS
Exploits0References6
OSV
OSV
added 2026/06/28 8:44 a.m.3 views

SUSE-SU-2026:22380-1 Security update for loupe

This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/06/28 8:41 a.m.2 views

OPENSUSE-SU-2026:21074-1 Security update for loupe

This update for loupe fixes the following issue - CVE-2025-58160: tracing-subscriber: untrusted input containing ANSI escape sequences can lead to terminal manipulation bsc1249009. Changes for loupe: - Update to version 48.2: - Check if the is-hidden property is available before reading it. -...

2.3CVSS5.8AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:15 p.m.5 views

GHSA-GX93-M64W-5M6H Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering

Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...

6.1CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/06/10 6:16 p.m.15 views

CVE-2026-20260

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.19 views

CVE-2026-20260

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker can inject ANSI escape codes into SOAR logs via specially crafted HTTP request paths. The root cause is that SOAR does not strip control characters from HTTP request paths before wr...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/06/07 12:0 a.m.8 views

p5-ack -- Multiple issues

Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project .ackrc -A -B -C memory exhaustion CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 7:16 p.m.19 views

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS0.00384EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 5:39 p.m.10 views

EUVD-2025-210067

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS5.9AI score0.00384EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/04 5:39 p.m.9 views

CVE-2025-71316

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

9.8CVSS5.5AI score0.00384EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.30 views

PT-2026-46313

Name of the Vulnerable Software and Affected Versions SQLite sqldiff.exe versions prior to 2025-12-26 Description The sqldiff.exe utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the...

9.8CVSS5.7AI score0.00384EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.15 views

TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis

Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in node-ansi-regex

ansi-regex is vulnerable to inefficient regular expression complexity...

7.8CVSS6.7AI score0.03552EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Tomcat9

Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

9.6CVSS7.1AI score0.09917EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:41 p.m.13 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.3AI score0.09917EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:0 a.m.16 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS7.3AI score0.09917EPSS
Exploits0References6
NVD
NVD
added 2026/05/18 8:16 p.m.27 views

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS0.00104EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/18 7:31 p.m.14 views

EUVD-2026-30801

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS6AI score0.00104EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:31 p.m.12 views

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

4.6CVSS6AI score0.00104EPSS
Exploits0References5
CVE
CVE
added 2026/05/18 7:31 p.m.21 views

CVE-2026-47090

Claude HUD up to version 0.0.12 is affected by a terminal-injection vulnerability in OSC 8 hyperlink handling. The root cause is constructing OSC 8 sequences from raw cwd and branchUrl values without stripping control characters or encoding embedded values, enabling injection of ANSI codes into t...

4.6CVSS6AI score0.00104EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder