CVE-2026-8765

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

CVE-2026-33718

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...

CVE-2026-33718

OpenHands CVE-2026-33718 is a command-injection vulnerability disclosed across multiple feeds. It affects the get_git_diff() path in OpenHands 1.5.0 and earlier when the path parameter from the /api/conversations/{conversation_id}/git/diff endpoint is unsafely interpolated into a shell command (g...

GHSA-7H8W-HJ9J-8RJW OpenHands is Vulnerable to Command Injection through its Git Diff Handler

Summary A Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitra...

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

EUVD-2026-4879

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

CVE-2026-24685

CVE-2026-24685 affects OpenProject prior to 16.6.6 and 17.0.2. The vulnerability arises in the repository diff download endpoint when rendering a single revision with git show; an attacker can inject git show options by supplying a crafted rev (e.g., rev=--output=/tmp/poc.txt), causing OpenProjec...

CVE-2026-24685 OpenProject has Argument Injection on Repository module that allows Arbitrary File Write

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

PT-2026-5149

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.6 OpenProject versions prior to 17.0.2 Description OpenProject is a web-based project management software. A file write issue exists in the repository diff download endpoint /projects/:project...