CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

146 matches found

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.0007EPSS

Exploits0References1

NVD•added 6 days ago•10 views

CVE-2026-45261

9.3CVSS0.0007EPSS

Exploits0References1

CVE•added 6 days ago•8 views

CVE-2026-45261

GitButler desktop app (Tauri-based) is affected prior to version 0.19.7. The issue is a link-injection/remote script execution vector where an attacker can inject a malicious link into a pull request body; if a user clicks it, arbitrary script execution occurs in the Tauri webview. The vulnerabil...

9.3CVSS6.3AI score0.0007EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•2 views

CVE-2026-45261

9.3CVSS6.3AI score0.0007EPSS

Exploits0References2Affected Software1

Cvelist•added 6 days ago•25 views

CVE-2026-45261 GitButler: Link injection via forge integration enables arbitrary script execution

9.3CVSS0.0007EPSS

Exploits0References1

EUVD•added 6 days ago•3 views

EUVD-2026-32944

9.3CVSS6.3AI score0.0007EPSS

Exploits0References1

CNNVD•added 6 days ago•4 views

GitButler 代码注入漏洞

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

9.3CVSS6.1AI score0.0007EPSS

Exploits0References2

Positive Technologies•added 6 days ago•4 views

PT-2026-44412

9.3CVSS6.3AI score0.0007EPSS

Exploits0References2

NVD•added 2026/05/27 3:16 p.m.•7 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

8.8CVSS0.00041EPSS

Exploits1References1

ATTACKERKB•added 2026/05/27 2:29 p.m.•5 views

CVE-2026-42184

6.1CVSS5.8AI score0.00041EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/27 2:29 p.m.•6 views

EUVD-2026-32527

6.1CVSS5.8AI score0.00041EPSS

Exploits1References1

Cvelist•added 2026/05/27 2:29 p.m.•35 views

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

6.1CVSS0.00041EPSS

Exploits1References1

CVE•added 2026/05/27 2:29 p.m.•6 views

CVE-2026-42184

Tauri versions 2.0–2.11.0 contain an Origin Confusion flaw in is_local_url() on Windows and Android. The code checks only the first subdomain of the URL, mapping custom URI schemes to http://.localhost/ due to WebView limitations. An attacker can host a page whose subdomain matches the app’s regi...

8.8CVSS5.8AI score0.00041EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/27 2:29 p.m.•5 views

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

6.1CVSS5.8AI score0.00041EPSS

Exploits1References1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

Tauri 安全漏洞

Tauri is an open-source project developed by Tauri developers, aimed at creating smaller, faster, and more secure desktop applications using web frontends. Versions of Tauri from 2.0 to 2.11.0 contain security vulnerabilities. These vulnerabilities stem from the islocalurl function, which...

8.8CVSS5.8AI score0.00041EPSS

Exploits1References1

OSV•added 2026/05/06 4:58 p.m.•6 views

GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

6.1CVSS5.8AI score0.00041EPSS

Exploits1References2

Github Security Blog•added 2026/05/06 4:58 p.m.•2 views

Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

8.8CVSS5.8AI score0.00041EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-38262

Summary A flaw in Tauri's is local url function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

6.1CVSS5.8AI score0.00041EPSS

Exploits1References4

vulnersOsv•added 2026/04/30 6:20 p.m.•2 views

@clerk/chrome-extension (>=3.0.0 <=3.1.25-canary.v20260508190534), @clerk/expo (>=3.0.0 <=3.2.11-canary.v20260508190534) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)

@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKCLERKJS-16347748...

7.6CVSS5.8AI score0.00046EPSS

Exploits0