CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 2:42 p.m.•35 views

CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

5CVSS0.00013EPSS

Github Security Blog•added 2026/05/18 9:31 p.m.•4 views

Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

Exploits1References7Affected Software1

Vulnrichment•added 2026/05/18 6:57 p.m.•9 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

EUVD•added 2026/05/18 6:57 p.m.•13 views

Exploits1References4

EUVD-2026-30796

Positive Technologies•added 2026/05/18 12:0 a.m.•7 views

Exploits1References4

PT-2026-41723

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...

NVD•added 2026/05/15 5:16 p.m.•6 views

Exploits1References7

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS0.00016EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•6 views

PT-2026-41321

7CVSS6.2AI score0.00016EPSS

Snyk•added 2026/05/11 2:43 p.m.•7 views

Improper Encoding or Escaping of Output

Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the process that renders human-readable scan results, which includes attacker-controlled values such as filenames, file...

5CVSS5.9AI score0.00013EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39678

Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...

5CVSS5.8AI score0.00013EPSS

Exploits0References4

Positive Technologies•added 2026/04/22 12:0 a.m.•0 views

PT-2026-34615

Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions prior to 0.6.0 Description The software allows attacker-controlled comment content to be serialized into XML without validating or neutralizing...

8.7CVSS5.9AI score0.00074EPSS

Exploits0References9

CNNVD•added 2026/04/15 12:0 a.m.•4 views

Zarf 安全漏洞

Zarf is an open-source Kubernetes offline environment software delivery tool developed by zarf-dev. Versions of Zarf from 0.23.0 to 0.74.1 contain security vulnerabilities. These vulnerabilities stem from path traversal issues in the zarf package’s inspect subcommand, which could allow writing...

7.1CVSS5.8AI score0.00053EPSS

UbuntuCve•added 2026/04/06 4:16 p.m.•1 views

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5.5CVSS5.9AI score0.00028EPSS

Exploits1References2

Cvelist•added 2026/04/06 3:17 p.m.•27 views

CVE-2026-5704 Tar: tar: hidden file injection via crafted archives

5CVSS0.00028EPSS

Exploits1References2

Debian CVE•added 2026/04/06 3:17 p.m.•2 views

CVE-2026-5704

5.5CVSS5.5AI score0.00028EPSS

Exploits1

CVE•added 2026/04/06 3:17 p.m.•14 views

CVE-2026-5704

CVE-2026-5704 affects the tar component. A flaw allows a remote attacker to craft an archive that injects hidden files with attacker-controlled content, bypassing pre-extraction inspection and potentially introducing malicious files to a system without detection. The vulnerability is described wi...

5.5CVSS5.9AI score0.00028EPSS

Exploits1References5Affected Software3

Vulnrichment•added 2026/04/06 3:17 p.m.•0 views

CVE-2026-5704 Tar: tar: hidden file injection via crafted archives

5CVSS5.9AI score0.00028EPSS

Exploits1References2

Cvelist•added 2026/03/09 1:27 p.m.•24 views

CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...

0.00012EPSS

NVD•added 2026/02/23 5:23 p.m.•2 views

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

6.1CVSS0.00049EPSS