Lucene search
K

189 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:14 p.m.5 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 9:14 p.m.4 views

CVE-2026-42148 Coolify: Command Injection via Unescaped Version String in Docker Build

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS0.00278EPSS
Exploits1References3
NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:32 p.m.32 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:31 p.m.25 views

CVE-2026-48721

Warp: The default unsandboxed CLI agent profile uses a command denylist as a safety boundary. From 0.2025.10.08.08.12.stable_00 to 0.2026.05.06.15.42.stable_01, Warp’s command output can be influenced by environment-variable prefixes, causing denylisted commands to be treated as allowed. This byp...

8.6CVSS6AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:31 p.m.4 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS6.1AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:28 p.m.16 views

CVE-2026-54686

Warp: CVE-2026-54686 enables DCS lifecycle hook spoofing in Warp’s PTY stream, allowing attacker-controlled terminal output to spoof lifecycle metadata (e.g., working directory, SSH transport metadata) for active sessions. Technical details in connected PoC describe additional remote command inje...

4.3CVSS5.9AI score0.00278EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/24 5:28 p.m.35 views

CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS0.00278EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6CVSS6AI score0.00145EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46881

Name of the Vulnerable Software and Affected Versions Nhost CLI affected versions not specified Description The hidden configserver used by nhost dev exposes the Mimir GraphQL API with permissive CORS and dummy authorization directives. This allows any process capable of reaching the developer's...

5.4CVSS6AI score0.00033EPSS
Exploits0References7
NVD
NVD
added 2026/06/02 4:16 p.m.14 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS0.00373EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/25 1:55 a.m.8 views

[SECURITY] Fedora 44 Update: qt-creator-19.0.0-0.3.fc44

Qt Creator is a cross-platform IDE integrated development environment tailored to the needs of Qt developers...

5.3AI score
Exploits0
NVD
NVD
added 2026/04/22 5:16 p.m.11 views

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8CVSS0.00223EPSS
Exploits0References3
Wiz blog
Wiz blog
added 2026/04/21 12:57 p.m.10 views

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/31 12:0 a.m.14 views

CVE-2026-30309

InfCode's InfCode Terminal vulnerability (CVE-2026-30309) stems from a defective command filtering module in the terminal auto-execution feature. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic se...

7.8CVSS6.5AI score0.00297EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.5 views

Faraday 5.19.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/12/18 3:15 p.m.7 views

EUVD-2025-204309

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8CVSS6.2AI score0.00106EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.26 views

EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...

7.8CVSS6.7AI score0.00076EPSS
Exploits0References1
Rows per page
Query Builder