CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Positive Technologies•added 2026/05/20 12:0 a.m.•4 views

PT-2026-42169

Name of the Vulnerable Software and Affected Versions Evince versions prior to 48.2 Atril versions prior to 1.26.3 Atril versions prior to 1.28.4 Xreader versions prior to 3.6.7 Xreader versions prior to 4.6.4 Description Command injection is possible when processing PDF /GoToR actions due to...

6.2AI score

Exploits0References19

Vulnrichment•added 2026/04/21 1:19 a.m.•1 views

CVE-2026-39866 Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...

8.7CVSS6AI score0.00072EPSS

Exploits2References2

CVE•added 2026/04/21 1:19 a.m.•13 views

CVE-2026-39866

CVE-2026-39866 affects Lawnchair for Android. The bug is in the release_update.yml GitHub Actions workflow: an unquoted input (artifactName) is injected into a bash command, allowing command execution on the runner. A patch commit fcba413f55dd47f8a3921445252849126c6266b2 fixes the issue; affected...

8.8CVSS6AI score0.00072EPSS

Exploits2References2Affected Software1