143 matches found

SUSE CVE
added 2026/05/18 1:21 p.m. | 7 views

SUSE CVE-2026-45803

gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVSS 3.5 | AI score 6 | EPSS 0.00034
Exploits 1 | References 3

CVE
added 2026/05/15 3:26 p.m. | 11 views

CVE-2026-45803

GitHub CLI (gh) vulnerability: from v1.6.0 to before v2.92.0, terminal escape sequences could be injected via workflow logs when using gh run view --log or --log-failed, due to unsanitized raw log output. An attacker controlling Actions logs (e.g., PR-triggered workflows) could cause terminal man...

CVSS 3.5 | AI score 6 | EPSS 0.00034
Exploits 1 | References 1 | Affected Software 1

Snyk
added 2026/04/10 5:8 p.m. | 1 view

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the ForwardToWall process. An attacker can inject ANSI escape sequences into user terminals by executing a logger -p emerg command when the relevant configuration is enabled. This is only...

CVSS 3.3 | AI score 5.8 | EPSS 0.00005
Exploits 1 | References 2

Snyk
added 2026/03/29 3:50 p.m. | 2 views

Improper Neutralization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...

CVSS 5.3 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 3

CVE
added 2026/02/12 8:6 p.m. | 7 views

CVE-2026-25996

CVE-2026-25996 affects Inspektor Gadget when running ig run interactively in the columns output mode. String fields from eBPF events rendered in columns are not sanitized, allowing forged event payloads from a container to inject ANSI escape sequences into the terminal, with possible effects as d...

CVSS 9.8 | AI score 5.6 | EPSS 0.00029
Exploits 1 | References 3 | Affected Software 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 7 : ruby-2.0.0.648-35.0.1.el7.AXS7 (AXSA:2019-3890:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3890:02 advisory. rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 rubygems: Escape sequence injection vulnerability in gem own...

CVSS 8.8 | AI score 7.6 | EPSS 0.00501
Exploits 0 | References 5

Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

Fedora 43 : composer (2026-0b03072979)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSERNOSECURITYBLOCKING env var not being...

CVSS 5.3 | AI score 6 | EPSS 0.00018
Exploits 0 | References 2

OSV
added 2026/01/08 11:35 a.m. | 2 views

BIT-COMPOSER-2025-67746 Composer vulnerable to ANSI sequence injection

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3 | AI score 6.6 | EPSS 0.00018
Exploits 0 | References 6

OSV
added 2025/12/30 5:44 p.m. | 2 views

GHSA-59PP-R3RG-353G Composer is vulnerable to ANSI sequence injection

Impact Attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit...

CVSS 5.1 | AI score 6.7 | EPSS 0.00018
Exploits 0 | References 7

Mageia
added 2025/11/24 6:27 p.m. | 27 views

Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

CVSS 7.5 | AI score 6.9 | EPSS 0.01354
Exploits 1 | References 2

OSV
added 2025/11/24 6:27 p.m. | 1 view

MGASA-2025-0311 Updated ruby-rack packages fix security vulnerabilities

Possible Log Injection in Rack::CommonLogger. CVE-2025-25184 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection. CVE-2025-27111 Local File Inclusion in Rack::Static. CVE-2025-27610...

CVSS 7.5 | AI score 7.1 | EPSS 0.01354
Exploits 1 | References 3

OSV
added 2025/11/04 3:11 p.m. | 4 views

CLSA-2025-1762269073 Fix CVE(s): CVE-2018-1000500, CVE-2022-28391, CVE-2023-39810

SECURITY UPDATE: missing SSL certificate validation vulnerability in wget - debian/patches/CVE-2018-1000500-1.patch: implement TLS verification with CENABLEFEATUREWGETOPENSSL - debian/patches/CVE 2018-1000500-2.patch: fix openssl options for cert verification - CVE-2018-1000500 SECURITY UPDATE:...

CVSS 8.8 | AI score 5.8 | EPSS 0.03075
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-7331

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00249
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0550

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.00321
Exploits 0 | References 19

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3906

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.0075
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-0533

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.00321
Exploits 0 | References 18

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0493

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.00321
Exploits 0 | References 19

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0502

Malware in sbrugna...

CVSS 7.5 | AI score 6.5 | EPSS 0.00321
Exploits 0 | References 19

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-2613

Malicious code in bioql PyPI...

CVSS 10 | AI score 9.3 | EPSS 0.01357
Exploits 0 | References 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5620

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.02323
Exploits 0 | References 15