Lucene search
+L

944 matches found

NVD
NVD
added 2026/05/15 5:16 p.m.34 views

CVE-2026-45038

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

8.4CVSS0.00178EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 4:48 p.m.12 views

EUVD-2026-30572

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

8.4CVSS6.2AI score0.00178EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 4:48 p.m.26 views

CVE-2026-45038

Tabby (formerly Terminus) vulnerability CVE-2026-45038 affects the terminal emulator prior to version 1.0.233. The issue arises because Tabby does not escape control characters in file paths during drag-and-drop, which can lead to code execution. Impact is described as high for confidentiality, i...

8.4CVSS6.2AI score0.00178EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:48 p.m.11 views

CVE-2026-45038

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

8.4CVSS6.2AI score0.00178EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 4:48 p.m.12 views

CVE-2026-45038 Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

8.4CVSS6.2AI score0.00178EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 4:48 p.m.56 views

CVE-2026-45038 Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

8.4CVSS0.00178EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.18 views

Tabby 安全漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby Terminus prior to version 1.0.233 contain security vulnerabilities. These vulnerabilities stem from the lack of escaping control characters when draggin...

8.4CVSS5.9AI score0.00178EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 7:23 p.m.14 views

CLSA-2026-1778769563 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

6.1CVSS6.6AI score0.0552EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 4:16 p.m.23 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS0.00431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:44 p.m.9 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:44 p.m.8 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/13 8:58 a.m.7 views

CLSA-2026-1778233384 openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/13 8:58 a.m.14 views

openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

8.1CVSS5.9AI score0.00247EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

protobuf.js 输入验证错误漏洞

protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js...

5.3CVSS5.9AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 7:19 p.m.9 views

CLSA-2026-1778613560 python3.11: Fix of 2 CVEs

CVE-2025-15282: reject control characters in data: URL mediatypes - CVE-2025-11468: preserve parens when folding email comments to prevent header injection...

6CVSS5.8AI score0.0055EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 3:6 p.m.6 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime errors and disrupt application functionality by supplying crafted...

6.9CVSS5.9AI score0.00431EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.44 views

protobuf.js: Denial of service from crafted field names in generated code

Summary protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...

5.3CVSS6.2AI score0.00431EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/12 3:6 p.m.12 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime errors and disrupt application functionality by supplying crafted...

6.9CVSS5.9AI score0.00431EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 3:6 p.m.10 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions when handling field names containing control characters in schemas or JSON descriptors. An attacker can cause runtime erro...

6.9CVSS6AI score0.00431EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 3:6 p.m.11 views

GHSA-2PR8-PHX7-X9H3 protobuf.js: Denial of service from crafted field names in generated code

Summary protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...

5.3CVSS6.2AI score0.00431EPSS
Exploits0References5
Rows per page
Query Builder