Lucene search
+L

813 matches found

OSV
OSV
added 2026/03/29 3:50 p.m.2 views

GHSA-4HMJ-39M8-JWC7 OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.31 views

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS6.2AI score0.01993EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 4:16 p.m.4 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS0.01993EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

6.2AI score0.01993EPSS
Exploits0References2
CVE
CVE
added 2026/03/27 12:0 a.m.17 views

CVE-2026-30303

CVE-2026-30303 concerns Axon Code’s command auto-approval module, which is vulnerable to OS Command Injection. The root cause is the use of an incompatible Unix-style command parser (shell-quote) on Windows, coupled with improper handling of Windows CMD escape sequences (^). This mismatch allows ...

9.8CVSS6.2AI score0.01376EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30303

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

6.2AI score0.01376EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 7:27 p.m.5 views

CVE-2026-3108

A flaw was found in Mattermost. This vulnerability in the mmctl command-line interface allows attackers to manipulate administrator terminals. By sending specially crafted messages containing ANSI and Operating System Command OSC escape sequences, an attacker can enable screen manipulation, displ...

8CVSS5.8AI score0.00268EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 6:31 p.m.16 views

Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8.8CVSS5.9AI score0.00268EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/26 4:16 p.m.21 views

CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8CVSS0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:16 p.m.2 views

CVE-2026-3108

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

8CVSS5.8AI score0.00268EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.10 views

PT-2026-28419

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.10 Mattermost versions 11.2.x through 11.2.2 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0 Description The software does not properly sanitize user-controlled post...

8.8CVSS5.9AI score0.00268EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 1:26 p.m.11 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...

9.6CVSS5.8AI score0.66535EPSS
Exploits4Affected Software1
Rosalinux
Rosalinux
added 2026/03/22 6:55 p.m.9 views

Advisory ROSA-SA-2026-3225

software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...

3.3CVSS7AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2026/03/20 6:31 p.m.8 views

EUVD-2025-208899

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

8.4CVSS5.8AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:21 p.m.5 views

CVE-2025-62845

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

8.4CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 4:21 p.m.4 views

CVE-2025-62845 QuRouter

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

8.4CVSS5.8AI score0.00184EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

QNAP Systems QHora 安全漏洞

QNAP Systems QHora is a router product of QNAP Systems, a company based in Taiwan, China. There is a security vulnerability in QNAP Systems QHora, which stems from improper handling of escape characters, meta-characters, or control sequences. This vulnerability may allow local attackers to obtain...

8.4CVSS7.1AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.15 views

PT-2026-26635

Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An improper neutralization of escape, meta, or control sequences vulnerability exists in QHora. A local attacker with administrator privileges can exploit this issue to cause unexpected behavior...

8.4CVSS7AI score0.00184EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS 2.0 SP11 : aide (EulerOS-SA-2026-1569)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

6.2CVSS5.9AI score0.00231EPSS
Exploits2References3
Rows per page
Query Builder