skim-4.6.1-1.1 on GA media (moderate)

skim-4.6.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10683-1 Rating: moderate Cross-References: CVE-2026-41414 CVSS scores: CVE-2026-41414 SUSE : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

OPENSUSE-SU-2026:10683-1 skim-4.6.1-1.1 on GA media

These are all security issues fixed in the skim-4.6.1-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414

CVE-2026-41414 affects Skim. The vulnerability allows arbitrary code execution via the generate-files workflow in .github/workflows/pr.yml, where the workflow checks out code from an attacker-controlled fork and runs it with access to SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN (contents:write). No ...

PT-2026-35057

Name of the Vulnerable Software and Affected Versions Skim affected versions not specified Description The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

skim 代码注入漏洞

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

Fedora: Security Advisory for rust-skim (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: rust-skim-0.10.4-4.fc39

Fuzzy Finder in rust!...

Fedora: Security Advisory for rust-skim (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-skim-0.10.4-4.fc40

Fuzzy Finder in rust!...

skim-post-obzor.ucoz.org Cross Site Scripting vulnerability OBB-3873605

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Anyone can receive funds from the Well.sol contract, thus reducing the token/tokenLp ratio for users

Lines of code Vulnerability details Impact In Well.sol skim, anyone can withdraw funds that are not in reserve by simply calling the function. Such funds may remain, for example, when transactions are rounded off. To credit extra tokens, reservetoken has sync. However, you can programmatically...

Anyone can call Well.sol skim method and transfer excessive tokens to its address.

Lines of code Vulnerability details Impact Excessive tokens balance of Well.sol more than returned from getReserves can be transferred by anyone to his account. Proof of Concept After getting hold token's instances from Well.sol contract tokens we can check the balances of Contract of Each token...

Potential token duplication validation bypass

Lines of code Vulnerability details Impact Potential token duplication validation bypass Proof of Concept The loop statement in init function will check if there is duplicated token for a Well. function initstring memory name, string memory symbol public initializer ERC20Permitinitname;...

Well.sol::skim() anyone can transfer excess funds to their account.

Lines of code Vulnerability details Description The skim is designed to transfer excess tokens held by the contract to a specified recipient. However, it lacks proper access control checks, allowing any user to initiate the transfer of excess tokens, regardless of ownership. This presents a...

Stealing excess tokens from other users by either front-running skim function or calling it before legitimate user

Lines of code Vulnerability details Impact File /src/interfaces/IWell.sol comment's defines what the skim function is being responsible for: / @notice Sends excess tokens held by the Well to the recipient. @param recipient The address to send the tokens @return skimAmounts The amount of each toke...