Lucene search
+L

87 matches found

Snyk
Snyk
added 2026/07/09 8:43 a.m.5 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 6:25 a.m.13 views

CVE-2026-47829

CVE-2026-47829 describes an argument injection flaw in bosh-cli that lets a compromised BOSH Director inject arbitrary OpenSSH options into the locally-spawned ssh process when operators run non-interactive SSH paths (e.g., bosh ssh -c, bosh logs -f). This can lead to local command execution on t...

8.3CVSS7.4AI score0.00225EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 5:31 p.m.36 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:31 p.m.29 views

CVE-2026-48721

Warp: The default unsandboxed CLI agent profile uses a command denylist as a safety boundary. From 0.2025.10.08.08.12.stable_00 to 0.2026.05.06.15.42.stable_01, Warp’s command output can be influenced by environment-variable prefixes, causing denylisted commands to be treated as allowed. This byp...

8.6CVSS6AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:31 p.m.5 views

CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS6.1AI score0.00145EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/11 4:39 a.m.70 views

claude-code-f002-poc

F002: Supply Chain Attack via Non-Interactive Workspace Trust...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.14 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS5.5AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 12:0 a.m.24 views

MAL-2026-4212 Malicious code in polymarket-claude-code (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 6:13 p.m.17 views

MAL-2026-4729 Malicious code in whiteboard-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584 On npm install, scripts/postinstall.js fetches a companion-- binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... —...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.50 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS0.0016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:36 p.m.8 views

CVE-2026-44479 Vercel: Non-interactive mode includes CLI arguments in suggested command output

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:36 p.m.56 views

CVE-2026-44479 Vercel: Non-interactive mode includes CLI arguments in suggested command output

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS0.0016EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:36 p.m.6 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 3:36 p.m.21 views

CVE-2026-44479

CVE-2026-44479 affects Vercel’s AI Cloud CLI between versions 50.16.0 and 52.0.0. In non-interactive mode, commands that cannot complete autonomously emit JSON payloads with follow-up commands, and if a token is supplied on the CLI (via --token/-t), the token value is included verbatim in those s...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

vercel 信息泄露漏洞

Vercel is an open-source cloud platform for application development and deployment. Versions of Vercel from 50.16.0 to 52.0.0 have a vulnerability related to information leakage. This vulnerability arises when commands that cannot be executed autonomously are run in non-interactive mode. If...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 12:5 a.m.50 views

Insertion of Sensitive Information into Log File

Overview vercel is a The command-line interface for Vercel Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the suggested follow-up commands in --non-interactive mode or auto-detected AI agent when a command cannot complete autonomously. An...

6.8CVSS5.8AI score0.0016EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/07 12:5 a.m.10 views

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output

NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output vulnerability discovered by ? in WordPress Npm vercel versions = 50.16.0, = 52.0.0...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:5 a.m.11 views

Vercel: Non-interactive mode includes CLI arguments in suggested command output

Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 12:5 a.m.4 views

GHSA-PGF8-2HGJ-GRQG Vercel: Non-interactive mode includes CLI arguments in suggested command output

Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.27 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
Rows per page
Query Builder