4850 matches found
CVE-2026-54686
Warp: CVE-2026-54686 enables DCS lifecycle hook spoofing in Warp’s PTY stream, allowing attacker-controlled terminal output to spoof lifecycle metadata (e.g., working directory, SSH transport metadata) for active sessions. Technical details in connected PoC describe additional remote command inje...
CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...
CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...
CVE-2026-54699
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...
CVE-2026-54699
Warp contains an OS command injection in the WSL URL-opening fallback. When Warp runs under WSL and cannot open a URL via wslview, it uses a Windows command processor path, and a URL controlled through terminal output can reach this fallback when opened. Affected versions range from 0.2024.03.12....
CVE-2026-54699 Warp: OS command injection when opening terminal links from WSL
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...
CVE-2026-48725
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
CVE-2026-48725
Warp exposes a vulnerability where terminal output can request access to the local clipboard via OSC 52. From build 0.2021.04.25.23.05.stable_00 up to 0.2026.05.06.15.42.stable_01, a malicious remote host or attacker-controlled terminal output source could trigger reads or writes to the user’s cl...
CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
PT-2026-52034
Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...
PT-2026-51976
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...
CVE-2026-54326
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
CVE-2026-54017
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
CVE-2026-54017
Open WebUI vulnerability CVE-2026-54017 affects the terminal-server proxy in backend/open_webui/routers/terminals.py before version 0.9.6. An authenticated non-admin user can craft the request path to perform traversal and SSRF to the terminal server and potentially internal services. Two vectors...
CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...
USN-8451-1 vim vulnerabilities
Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...
Information Exposure
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Vim < 9.2.0565 Out-of-Bounds Read (GHSA-47gw-8gc3-mgcm)
The version of Vim installed on the remote host is prior to 9.2.0565. It is, therefore, affected by a vulnerability as referenced in the GHSA-47gw-8gc3-mgcm advisory. - The updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is...