Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.11 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 5:16 p.m.22 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 5:16 p.m.11 views

CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 5:16 p.m.8 views

UBUNTU-CVE-2026-44462

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

8.8CVSS6.1AI score0.00438EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 5:16 p.m.9 views

UBUNTU-CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 5:16 p.m.11 views

UBUNTU-CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/28 4:16 p.m.40 views

CVE-2026-44466 Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:16 p.m.10 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 4:16 p.m.10 views

CVE-2026-44466 Zed: Allowlist Bypass via Bash Arithmetic Expansion in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:15 p.m.8 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 4:15 p.m.18 views

CVE-2026-44463

Vulnerability summary: Zed code editor before 0.229.0 has a bypass in its terminal tool permission system. Attackers can prepend environment variable assignments to allowlisted commands (e.g., PAGER), hijacking program behavior to execute arbitrary code. Impact: potential remote code execution on...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:15 p.m.8 views

CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/28 4:13 p.m.9 views

EUVD-2026-32938

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

6.4CVSS6.1AI score0.00438EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 4:13 p.m.26 views

CVE-2026-44462

CVE-2026-44462 affects Zed, a code editor. Prior to version 0.229.0, the terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), enabling arbitrary command execution under an allowlisted prefix. The vulnerability is fixed in 0.229.0. In public feeds, analy...

8.8CVSS6.1AI score0.00438EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Zed 操作系统命令注入漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the terminal tool permissions system, which could be bypassed through bash arithmetic extensions, allowing...

8.6CVSS6AI score0.00232EPSS
Exploits1References2
OSV
OSV
added 2026/01/26 6:47 p.m.4 views

USN-7978-1 screen vulnerabilities

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...

6.5CVSS6.4AI score0.0054EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-0229

Malware in sbrugna...

6.9CVSS6.1AI score0.00296EPSS
Exploits1References6
OSV
OSV
added 2025/05/26 4:15 p.m.2 views

DEBIAN-CVE-2025-46802

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...

5.3CVSS7.4AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2024/03/27 7:15 p.m.6 views

AZL-37134 CVE-2024-28085 affecting package util-linux for versions less than 2.39.2-2

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

3.3CVSS7.1AI score0.02242EPSS
Exploits3References1
Rows per page
Query Builder