Lucene search
K

2171 matches found

Debian CVE
Debian CVE
added 2026/05/15 3:26 p.m.10 views

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS6AI score0.002EPSS
Exploits1
CVE
CVE
added 2026/05/15 3:26 p.m.34 views

CVE-2026-45803

GitHub CLI (gh) vulnerability: from v1.6.0 to before v2.92.0, terminal escape sequences could be injected via workflow logs when using gh run view --log or --log-failed, due to unsanitized raw log output. An attacker controlling Actions logs (e.g., PR-triggered workflows) could cause terminal man...

3.5CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 3:26 p.m.22 views

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS6AI score0.002EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 3:26 p.m.8 views

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS6AI score0.002EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

GitHub CLI 安全漏洞

GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from the lack of cleaning terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...

3.5CVSS5.9AI score0.002EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41313

Name of the Vulnerable Software and Affected Versions gh versions 1.6.0 through 2.91.x Description GitHub CLI allows terminal escape sequence injection when users view GitHub Actions workflow logs. The issue occurs because the 'gh run view --log' and 'gh run view --log-failed' commands stream...

3.5CVSS6.1AI score0.002EPSS
Exploits1References13
OSV
OSV
added 2026/05/14 2:43 a.m.11 views

MGASA-2026-0137 Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: git (UTSA-2026-021309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021309 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...

4.7CVSS6AI score0.00643EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-44288

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40534

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths that accepts overlong UTF-8 byte sequences—sequences that use more bytes...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Dapr 路径遍历漏洞

Dapr is a portable, serverless, event-driven runtime developed by Dapr Open Source. Versions of Dapr from 1.3.0 to 1.15.14, as well as versions from 1.16.0-rc.1 to 1.16.14 and from 1.17.0-rc.1 to 1.17.5, have a path traversal vulnerability. This vulnerability stems from the use of reserved URL...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.14 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.9 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
OSV
OSV
added 2026/05/07 7:30 a.m.7 views

SUSE-SU-2026:21572-1 Security update for iproute2

This update for iproute2 fixes the following issues: Security issues fixed: - CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in argv0 bsc1254324. Other updates and bugfixes: - Fix package for immutable mode jscPED-14787. - Add netshaper support bsc1253044. - Add follow-up...

2.5CVSS5.8AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

fast-xml-parser 安全漏洞

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.7.0 contained security vulnerabilities. These...

6.1CVSS6.2AI score0.00238EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/06 8:34 a.m.51 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

0.00357EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 6:52 p.m.9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References3
Redos
Redos
added 2026/05/05 12:0 a.m.5 views

ROS-20260505-73-0047

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

6CVSS7.3AI score0.0048EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.5 views

ROS-20260505-73-0060

A vulnerability in the email module of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to compromise the integrity of protected information...

6CVSS7.2AI score0.0056EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.8 views

ROS-20260505-73-0041

Vulnerability in python3.10 related to failure to take measures to neutralize crlf sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

5.7CVSS6.2AI score0.0055EPSS
Exploits0
Rows per page
Query Builder