4 matches found
PT-2026-42169
Name of the Vulnerable Software and Affected Versions
Atril versions prior to 1.26.3
Atril versions prior to 1.28.4
Evince affected versions not specified
Xreader versions prior to 3.6.7
Xreader versions prior to 4.6.4
Papers affected versions not specified
Description
A command injection issue...
CVE-2026-39866 Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
CVE-2026-39866
CVE-2026-39866 affects Lawnchair for Android. The bug is in the release_update.yml GitHub Actions workflow: an unquoted input (artifactName) is injected into a bash command, allowing command execution on the runner. A patch commit fcba413f55dd47f8a3921445252849126c6266b2 fixes the issue; affected...
Exploit for CVE-2026-39866
CVE-2026-39866 — Command Injection via unquoted workflow dispa...