64 matches found
CVE-2026-45244
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...
CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...
Summarize contains a missing authorization vulnerability
Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
EUVD-2026-30796
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
PT-2026-41723
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...
CVE-2026-45036
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
PT-2026-41321
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
Improper Encoding or Escaping of Output
Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the process that renders human-readable scan results, which includes attacker-controlled values such as filenames, file...
PT-2026-39678
Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...
SUSE-SU-2026:21448-1 Security update for sed
This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...
PT-2026-34615
Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions prior to 0.6.0 Description The software allows attacker-controlled comment content to be serialized into XML without validating or neutralizing...
Zarf 安全漏洞
Zarf is an open-source Kubernetes offline environment software delivery tool developed by zarf-dev. Versions of Zarf from 0.23.0 to 0.74.1 contain security vulnerabilities. These vulnerabilities stem from path traversal issues in the zarf package’s inspect subcommand, which could allow writing...
CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
CVE-2026-5704 Tar: tar: hidden file injection via crafted archives
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
CVE-2026-5704
CVE-2026-5704 affects the tar component. A flaw allows a remote attacker to craft an archive that injects hidden files with attacker-controlled content, bypassing pre-extraction inspection and potentially introducing malicious files to a system without detection. The vulnerability is described wi...
CVE-2026-5704 Tar: tar: hidden file injection via crafted archives
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...