poc-opencode-dev-agents

opencode-dev-agents Agentes AI y comandos personalizados pa...

kubeshark-cli-53.1.0-1.1 on GA media (moderate)

kubeshark-cli-53.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10302-1 Rating: moderate Cross-References: CVE-2025-30204 CVE-2025-47914 CVSS scores: CVE-2025-30204 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-30204 SUSE : 8.7...

@oneuptime/cli (>=10.0.10 <=10.0.17) potentially affected by CVE-2026-30887 via @oneuptime/common (>=10.0.10 <=10.0.17)

@oneuptime/common NPM version =10.0.10, =10.0.10, =10.0.17 Source cves: CVE-2026-30887 Source advisory: OSV:GHSA-H343-GG57-2Q67...

@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)

@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...

OPENSUSE-SU-2026:10302-1 kubeshark-cli-53.1.0-1.1 on GA media

These are all security issues fixed in the kubeshark-cli-53.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783

The CVE concerns GitHub Copilot CLI shell tool pre-0.0.423. Affected: Copilot CLI versions up to and including 0.0.422. Issue: the shell safety assessment misclassifies certain bash parameter expansion patterns as read-only, allowing arbitrary code execution when an attacker can influence the com...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

PT-2026-23732

Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 0.0.423 Description The shell tool within GitHub Copilot CLI is susceptible to arbitrary code execution through crafted bash parameter expansion patterns. An attacker influencing commands executed by the...

Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-277)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-277 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

@amedia/brick-mcp (>=0.0.0-vSNAPSHOT-20260217144000 <=1.0.0), @area15/ticket-component (=0.1.0) +108 more potentially affected by CVE-2026-3419 via fastify (>=5.7.2 <=5.7.4)

fastify NPM version =5.7.2, =0.0.0-vSNAPSHOT-20260217144000, =0.5.2, =0.5.2, =0.5.2, =0.5.2, =0.2.11, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.4.2-next.143, =2.11.6, =5.1.19, =2.21.2, =2.21.2, =2.21.3 and more Source cves: CVE-2026-3419 Source advisory: OSV:GHSA-573F-X89G-HQP9...

agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-28277 via langgraph-checkpoint (>=4.0.0 <=4.0.1)

langgraph-checkpoint PYPI version =4.0.0, =0.1.0, =0.1.0, =0.1.5 Source cves: CVE-2026-28277 Source advisory: SNYK:PYTHON-LANGGRAPHCHECKPOINT-15433491...

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +432 more potentially affected by CVE-2026-28277 via langgraph (>=0.1.15 <=1.0.10)

langgraph PYPI version =0.1.15, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.0.1, =2.1.7, =0.0.2, =0.0.1, =0.1.1, =0.1.2, =0.0.4, =0.5.5 and more Source cves: CVE-2026-28277 Source advisory: OSV:PYSEC-2026-83...

CVE-2026-20063

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...

CVE-2026-20064

A vulnerability in of Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service DoS condition. This vulnerability is due to improper validation of user-supplied input. An attacker with a...

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...