12 matches found

Tenable Nessus
added 2026/06/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...

CVSS 8.8 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/18 6:35 p.m. | 11 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS 8.8 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 6 | Affected Software: 7
Snyk
added 2026/06/18 6:35 p.m. | 8 views

Unsafe Dependency Resolution

Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2
Snyk
added 2026/06/18 6:35 p.m. | 8 views

Unsafe Dependency Resolution

Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2
Snyk
added 2026/06/18 6:35 p.m. | 5 views

Unsafe Dependency Resolution

Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

CVSS 8.8 | AI score 6.2 | EPSS 0.00272
Exploits: 0 | References: 2
Cvelist
added 2026/06/18 2:22 p.m. | 16 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS 8.4 | EPSS 0.00272
Exploits: 0 | References: 1
EUVD
added 2026/06/18 2:22 p.m. | 11 views

EUVD-2026-37898

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS 8.4 | AI score 5.7 | EPSS 0.00272
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-0830

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

CVSS 8.4 | AI score 7.6 | EPSS 0.01279
Exploits: 0 | References: 1
CVE
added 2026/01/09 9:10 p.m. | 17 views

CVE-2026-0830

CVE-2026-0830 affects Kiro IDE (pre-0.6.18). The vulnerability arises from processing specially crafted workspace folder names in the GitLab Merge Request helper, which can lead to arbitrary command injection on the user’s machine when opening malicious workspaces. Public sources (NVD, Red Hat, C...

CVSS 8.4 | AI score 7.1 | EPSS 0.01279
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/09 9:10 p.m. | 22 views

CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

CVSS 8.4 | EPSS 0.01279
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/09 9:10 p.m. | 5 views

CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

CVSS 8.4 | AI score 7.1 | EPSS 0.01279
Exploits: 0 | References: 2
Kitploit
added 2018/10/29 12:35 p.m. | 39 views

Faraday v3.2 - Collaborative Penetration Test and Vulnerability Management Platform

Here is a list of all the goodies in Faraday v3.2: Workspace names - with numbers! With this new version, workspaces’ names are now allowed to start with numbers; before, they could only start with letters. Search unconfirmed vulns: In this version was added the filter to be able to show unconfirmed...

AI score 6.8
Exploits: 0