Lucene search
K

4 matches found

NVD
NVD
added 2026/06/23 8:16 p.m.6 views

CVE-2026-54325

Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...

4.4CVSS0.00118EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 7:22 p.m.18 views

CVE-2026-54325

Pi loads project-local extensions without approval in versions before 0.79.0. Before 0.79.0, startup could pull in repository-specific resources from a .pi directory, including executable project-local extensions (TypeScript/JavaScript modules) that run inside the Pi process. An attacker controll...

4.4CVSS6AI score0.00118EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/17 1:55 p.m.11 views

Pi Agent: Pi loads project-local extensions without approval

Pi loads project-local extensions without approval Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript...

4.4CVSS5.6AI score0.00118EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50492

Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...

4.4CVSS6.3AI score0.00118EPSS
Exploits0References13
Rows per page
Query Builder