29 matches found
CVE-2026-48704 Warp Markdown notebook links may open executable local files
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...
EUVD-2025-14660
Malicious code in bioql PyPI...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
CVE-2025-46094
LiquidFiles is affected prior to version 4.1.2 by a directory traversal vulnerability triggered when the pathname of a local executable file is configured as an Actionscript. The issue exposes risk to confidentiality (Low) and integrity (Low) with no availability impact in the CVE metrics. Concre...
CVE-2025-46094
LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript...
SUSE CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
DEBIAN-CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
kitty 安全漏洞
kitty is a Python-based GPU terminal emulation software by Kovid Goyal, an individual developer in India. The software provides basic terminal functionality and GPU-based rendering reduces system load, uses OpenGL for rendering, and can be supported on Linux and Mac. A security vulnerability exis...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
PT-2025-17401 · Kitty +1 · Kitty +1
Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0 Description: The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document,...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
Symfony 命令注入漏洞
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. Symfony suffers from a command injection vulnerability that originates from the presence of an executable file named cmd.exe in the current working directory, which could lead to...
SUSE CVE-2024-39904
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-5988
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...
SUSE CVE-2024-27303
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
DEBIAN-CVE-2022-1976
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation...