10022 matches found

ATTACKERKB
added 2026/03/27 2:00 p.m., 3 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.00032
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2026/03/27 2:00 p.m., 3 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.00032
Exploits 0
Cvelist
added 2026/03/27 2:00 p.m., 21 views

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, EPSS 0.00032
Exploits 0, References 3
Vulnrichment
added 2026/03/27 2:00 p.m., 0 views

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.00032
Exploits 0, References 3
Debian CVE
added 2026/03/27 2:00 p.m., 2 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

CVSS 8.2, AI score 5.8, EPSS 0.00032
Exploits 0
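Worked example for the BuildKit entries above (added here; it is not BuildKit's code, and it is in Python for consistency with the other examples on this page rather than in BuildKit's Go): parse the fragment of a Git context URL and confine the subdir component to the checked-out tree. The fragment form `<url>#<ref>:<subdir>` is BuildKit's documented convention; the parser, the `resolve_subdir` check and the throwaway checkout built in `demo()` are this example's own. The check rejects absolute paths, `..` segments that climb above the root, and symlinks that resolve outside it, which is the class of escape the advisory describes.

```python
import os
import tempfile


def parse_git_fragment(url):
    """Split the fragment of a Git context URL into (ref, subdir).

    BuildKit's documented form is '<url>#<ref>:<subdir>'; either part may be empty.
    The parser itself is this example's own, not BuildKit's.
    """
    fragment = url.partition("#")[2]
    ref, _, subdir = fragment.partition(":")
    return ref, subdir


def resolve_subdir(repo_root, subdir):
    """Return the absolute path of `subdir` inside the checked-out repository.

    Rejects absolute paths, '..' segments that climb above the root, and symlinks
    that resolve outside the tree: both sides are compared after realpath(), so a
    path that only looks contained but points elsewhere is still refused.
    """
    root = os.path.realpath(repo_root)
    if not subdir:
        return root
    if os.path.isabs(subdir):
        raise ValueError(f"absolute subdir not allowed: {subdir!r}")
    candidate = os.path.realpath(os.path.join(root, subdir))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"subdir escapes repository root: {subdir!r}")
    return candidate


def demo():
    """Build a throwaway checkout (constructed for this example) and exercise the check.

    Layout:  <tmp>/repo/app/             a legitimate subdir
             <tmp>/repo/escape -> <tmp>  a symlink pointing above the root
    Returns {subdir: resolved path relative to the root, or 'rejected'}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.realpath(tmp)
        root = os.path.join(outside, "repo")
        os.makedirs(os.path.join(root, "app"))
        os.symlink(outside, os.path.join(root, "escape"))
        for sub in ["app", "app/../app", "../secrets", "/etc/passwd", "escape/secrets"]:
            try:
                results[sub] = os.path.relpath(resolve_subdir(root, sub), root)
            except ValueError:
                results[sub] = "rejected"
    return results


if __name__ == "__main__":
    print(parse_git_fragment("https://github.com/org/repo.git#main:sub/dir"))
    for sub, outcome in demo().items():
        print(f"{sub!r:20} -> {outcome}")
```

The symlink case is the one a plain string check on `..` misses: `escape/secrets` contains no dot segments at all, yet resolves above the root, so the comparison has to happen on the resolved path.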
PyPA
added 2026/03/27 1:16 a.m., 10 views

PYSEC-2026-106

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 9.9, AI score 6.1, EPSS 0.0025
Exploits 1, References 5, Affected Software 1
NVD
added 2026/03/27 1:16 a.m., 5 views

CVE-2026-33718

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 9.9, EPSS 0.0025
Exploits 1, References 5
OSV
added 2026/03/27 1:16 a.m., 5 views

PYSEC-2026-106

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 9.9, AI score 6.1, EPSS 0.0025
Exploits 1, References 5
ATTACKERKB
added 2026/03/27 12:12 a.m., 4 views

CVE-2026-33718

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 7.6, AI score 6.1, EPSS 0.0025
Exploits 1, References 6, Affected Software 1
CVE
added 2026/03/27 12:12 a.m., 12 views

CVE-2026-33718

OpenHands CVE-2026-33718 is a command-injection vulnerability disclosed across multiple feeds. It affects the get_git_diff() path in OpenHands 1.5.0 and earlier when the path parameter from the /api/conversations/{conversation_id}/git/diff endpoint is unsafely interpolated into a shell command (g...

CVSS 9.9, AI score 6.1, EPSS 0.0025
Exploits 1, References 5, Affected Software 1
Vulnrichment
added 2026/03/27 12:12 a.m., 2 views

CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 7.6, AI score 6.1, EPSS 0.0025
Exploits 1, References 5
OSV
added 2026/03/27 12:12 a.m., 3 views

CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 7.6, AI score 6.1, EPSS 0.0025
Exploits 1, References 7
Cvelist
added 2026/03/27 12:12 a.m., 27 views

CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...

CVSS 7.6, EPSS 0.0025
Exploits 1, References 5
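Worked example for the OpenHands entries above (added here; it is not OpenHands code): the injectable shape the feeds describe, an untrusted path interpolated into a command string that the shell re-parses, next to the hardened shape that passes an argv list with `shell=False` and terminates options with `--`. A Python one-liner that prints its arguments stands in for the `git` binary so the example runs without a repository; the paths and the payload are constructed. Confining the path to the repository root is a separate check that this example leaves out.

```python
import shlex
import subprocess
import sys

# Stand-in for the `git` binary (constructed for this example): it just prints its argv,
# so the output shows exactly which arguments reached the "git" process.
GIT_STUB = [sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"]


def vulnerable_diff(path):
    """Injectable shape: `path` is pasted into a string that /bin/sh re-parses.

    Shell metacharacters in `path` (; | & $( ) backticks) become shell syntax, so a
    caller of the API endpoint chooses what runs, not just which file is diffed.
    """
    command = " ".join(shlex.quote(a) for a in GIT_STUB) + f" diff -- {path}"
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def hardened_diff(path):
    """Fixed shape: argv list, no shell.

    The path is exactly one argument whatever characters it contains, and `--`
    stops git from reading a path that begins with '-' as an option.
    """
    if not path or "\x00" in path:
        raise ValueError("invalid path")
    argv = GIT_STUB + ["diff", "--", path]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


if __name__ == "__main__":
    attacker_path = "README.md; echo INJECTED"  # constructed payload
    print("shell=True :", repr(vulnerable_diff(attacker_path)))
    print("argv list  :", repr(hardened_diff(attacker_path)))
```

With the shell in the loop the stub sees only `diff -- README.md` and a second command runs; with the argv list the whole string, semicolon included, arrives as one pathname that git would simply fail to find.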
CVE
added 2026/03/27 12:00 a.m., 5 views

CVE-2026-30303

CVE-2026-30303 affects Axon Code’s command auto-approval module. The root cause is the incorrect use of a Unix-based shell-quote parser to analyze commands on Windows, combined with improper handling of Windows CMD escape sequences (^). Attackers can craft payloads such as git log ^" & malicious_...

CVSS 9.8, AI score 6.2, EPSS 0.00385
Exploits 0, References 2, Affected Software 1
Redos
added 2026/03/27 12:00 a.m., 3 views

ROS-20260327-73-0012

Vulnerability in go-git related to lack of integrity checking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 4.3, AI score 7.1, EPSS 0.00007
Exploits 0
ATTACKERKB
added 2026/03/27 12:00 a.m., 0 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the...

AI score 6.2, EPSS 0.0046
Exploits 0, References 2
Cvelist
added 2026/03/27 12:00 a.m., 17 views

CVE-2026-30303

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the...

EPSS 0.00385
Exploits 0, References 2
ATTACKERKB
added 2026/03/27 12:00 a.m., 0 views

CVE-2026-30303

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the...

AI score 6.2, EPSS 0.00385
Exploits 0, References 3
Positive Technologies
added 2026/03/27 12:00 a.m., 2 views

PT-2026-28395

Name of the Vulnerable Software and Affected Versions: CodeRider-Kilo, affected versions not specified. Description: A flaw exists in the command auto-approval module of CodeRider-Kilo that bypasses its whitelist security mechanism, leading to a potential OS Command Injection. This is due to the use ...

CVSS 10, AI score 6.1, EPSS 0.0046
Exploits 0, References 3
CVE
added 2026/03/27 12:00 a.m., 4 views

CVE-2026-30302

The CVE-2026-30302 entry describes an OS Command Injection in CodeRider-Kilo’s command auto-approval module. The root cause is using an incompatible Unix shell-quote parser to analyze commands on Windows, coupled with improper handling of Windows CMD escape sequences (^). Attackers can craft payl...

CVSS 10, AI score 6.2, EPSS 0.0046
Exploits 0, References 1, Affected Software 1
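Worked example for the Axon Code and CodeRider-Kilo entries above (added here; it is not code from either project or from the shell-quote library): why a POSIX-style tokenizer misjudges a Windows command line. Python's `shlex` stands in for shell-quote, since both apply POSIX quoting rules. `cmd_commands` is a deliberately simplified model of cmd.exe's rules written for this example (`^` escapes the next character, `"` toggles quoting, unquoted `&`, `&&`, `|`, `||` separate commands; variable expansion and the other cmd.exe details are left out). The allowlist is constructed, and `calc` is a constructed stand-in for the `malicious_...` command the advisory elides.

```python
import shlex

# Constructed allowlist of command prefixes an auto-approver would accept without asking.
ALLOWLIST = {("git", "log"), ("git", "status"), ("git", "diff")}
POSIX_OPERATORS = {"&", "&&", "|", "||", ";"}


def posix_view(line):
    """How a POSIX-style parser (shlex here, shell-quote in the affected tools) tokenizes `line`."""
    return shlex.split(line)


def flawed_autoapprove(line):
    """The mismatch the advisories describe: judge a Windows command line by POSIX quoting rules.

    To POSIX rules, ^" opens a quoted string, so everything up to the next " is one
    harmless argument of `git log` and no operator is ever seen.
    """
    tokens = posix_view(line)
    if any(t in POSIX_OPERATORS for t in tokens):
        return False
    return tuple(tokens[:2]) in ALLOWLIST


def cmd_commands(line):
    """Split `line` the way cmd.exe does (simplified model, this example's own).

    ^ escapes the next character, so ^" is a literal quote and does not open quoting;
    " toggles quoting; unquoted &, &&, |, || separate commands.
    Returns one token list per command.
    """
    commands, current, token = [], [], []
    in_quote = False
    i = 0

    def end_token():
        if token:
            current.append("".join(token))
            token.clear()

    def end_command():
        end_token()
        if current:
            commands.append(list(current))
            current.clear()

    while i < len(line):
        c = line[i]
        if c == "^" and not in_quote and i + 1 < len(line):
            token.append(line[i + 1])          # escaped character is literal
            i += 2
        elif c == '"':
            in_quote = not in_quote
            i += 1
        elif c in "&|" and not in_quote:
            end_command()                      # command separator outside quotes
            i += 2 if line[i:i + 2] in ("&&", "||") else 1
        elif c.isspace() and not in_quote:
            end_token()
            i += 1
        else:
            token.append(c)
            i += 1
    end_command()
    return commands


def cmd_aware_autoapprove(line):
    """Approve only if every command cmd.exe would actually run is on the allowlist."""
    cmds = cmd_commands(line)
    return bool(cmds) and all(tuple(c[:2]) in ALLOWLIST for c in cmds)


if __name__ == "__main__":
    payload = 'git log ^" & calc ^"'  # constructed, same shape as the advisory's example
    print("POSIX tokens :", posix_view(payload))
    print("flawed check :", flawed_autoapprove(payload))
    print("cmd.exe split:", cmd_commands(payload))
    print("cmd-aware    :", cmd_aware_autoapprove(payload))
```

The POSIX view yields `['git', 'log', '^ & calc ^']`, a single quoted argument with no operator, so the allowlist check passes; the cmd.exe view yields two commands, `git log "` and `calc "`, and the second is not on the list. A legitimately quoted argument such as `git log "a & b"` is still one command under both models, so the stricter check does not break normal use.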