29552 matches found
PT-2026-7359
Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio affected versions not specified Description The software contains a command injection issue due to improper neutralization of special elements used in commands. A successful exploit could allow an authorized...
PT-2026-7401
Name of the Vulnerable Software and Affected Versions Github Copilot affected versions not specified Description A command injection issue exists in Github Copilot. This allows a remote, unauthorized attacker to execute code over a network. The issue is related to a failure to sanitize data at th...
Microsoft GitHub Copilot and Visual Studio 代码注入漏洞
Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There is a code injection vulnerability in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit this vulnerability to execute code remotely. The following products and...
KLA90877 ACE vulnerability in Microsoft Copilot Plugin
A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories CVE-2026-21516 Exploitation Related products GitHub-Copilot-Plugin CVE list CVE-2026-21516...
PT-2026-7358
Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio affected versions not specified Description A flaw exists in the code generation management of the software development tool. Successful exploitation could allow a remote attacker to execute arbitrary code. Thi...
Microsoft GitHub Copilot and Visual Studio 命令注入漏洞
Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There are command injection vulnerabilities in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit these vulnerabilities to gain higher privileges. The following products...
Microsoft GitHub Copilot and Visual Studio 安全漏洞
Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There are security vulnerabilities in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit these vulnerabilities to execute code remotely...
CVE-2026-25761
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761
The CVE describes a command injection in the Super-linter GitHub Action affecting versions 6.0.0–8.3.0, where file discovery can execute shell command substitution embedded in filenames, enabling arbitrary command execution in the workflow runner and potential disclosure of the job’s GITHUB_TOKEN...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25598
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...
CVE-2026-25491
creationtimestamp| type| source ---|---|--- 2026-02-09 18:04:34+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-7pr4-wx9w-mqwr...
CVE-2026-25492
creationtimestamp| type| source ---|---|--- 2026-02-09 18:01:35+00:00| published-proof-of-concept| https://github.com/craftcms/cms/security/advisories/GHSA-96pq-hxpw-rgh8...
GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
Harden-Runner 安全漏洞
Harden-Runner is a program open source by StepSecurity. It provides network exit filter and runtime security for both GitHub-hosted and self-hosted runners. Versions of Harden-Runner prior to 2.14.2 contained security vulnerabilities. These vulnerabilities allowed outbound network connections to...
PT-2026-7152
Name of the Vulnerable Software and Affected Versions Super-linter versions 6.0.0 through 8.3.0 Description Super-linter is susceptible to command injection through specially crafted filenames. When used in GitHub Actions workflows, an attacker submitting a pull request with a file containing she...
CVE-2026-25479
creationtimestamp| type| source ---|---|--- 2026-02-08 13:38:24+00:00| published-proof-of-concept| https://github.com/litestar-org/litestar/security/advisories/GHSA-93ph-p7v4-hwh4...
GHSA-MHG7-666J-CQG4
creationtimestamp| type| source ---|---|--- 2026-02-08 04:40:05+00:00| seen| https://gist.github.com/alon710/7bbde07266f0ce6a4608d33da3c417d3...