147 matches found

Tenable Nessus
added 2026/06/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...

CVSS 8.8 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/20 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or...

CVSS 8.8 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/20 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without...

CVSS 8.8 | AI score 6 | EPSS 0.00231
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs witho...

CVSS 6.7 | AI score 6.1 | EPSS 0.00181
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 5 views

Unsafe Dependency Resolution

Overview: @theia/workspace is a Theia - Workspace Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by...

CVSS 8.8 | AI score 6.3 | EPSS 0.00231
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 6 views

Unsafe Dependency Resolution

Overview: @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...

CVSS 8.8 | AI score 6.3 | EPSS 0.00231
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/06/18 6:35 p.m. | 11 views

[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

CVSS 8.8 | AI score 6.1 | EPSS 0.00231
Exploits: 0 | References: 6 | Affected Software: 3

GitHub Security Blog
added 2026/06/18 6:35 p.m. | 8 views

[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

CVSS 8.8 | AI score 6 | EPSS 0.00272
Exploits: 0 | References: 6 | Affected Software: 6

Snyk
added 2026/06/18 6:35 p.m. | 7 views

Unsafe Dependency Resolution

Overview: @theia/debug is a Theia - Debug Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a...

CVSS 8.8 | AI score 6.3 | EPSS 0.00231
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 4 views

Unsafe Dependency Resolution

Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/06/18 6:35 p.m. | 11 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS 8.8 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 6 | Affected Software: 7

GitHub Security Blog
added 2026/06/18 6:35 p.m. | 9 views

[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

CVSS 6.7 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 6 | Affected Software: 7

Snyk
added 2026/06/18 6:35 p.m. | 8 views

Unsafe Dependency Resolution

Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 6 views

Unsafe Dependency Resolution

Overview: @theia/ai-chat-ui is a Theia - AI Chat UI Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 8 views

Unsafe Dependency Resolution

Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 9 views

Unsafe Dependency Resolution

Overview: @theia/ai-ide is an AI IDE Agents Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 5 views

Unsafe Dependency Resolution

Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

Snyk
added 2026/06/18 6:35 p.m. | 6 views

Unsafe Dependency Resolution

Overview: @theia/ai-core is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing special...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2

NVD
added 2026/06/18 4:16 p.m. | 11 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

CVSS 8.8 | EPSS 0.00231
Exploits: 0 | References: 1

NVD
added 2026/06/18 4:16 p.m. | 11 views

CVE-2026-46580

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

CVSS 8.8 | EPSS 0.00272
Exploits: 0 | References: 1