Filtered by vendor Openai
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55345 | 1 Openai | 1 Codex | 2025-08-13 | 8.8 High |
| Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory. | ||||
| CVE-2025-7021 | 1 Openai | 1 Operator | 2025-07-24 | 6.5 Medium |
| Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. | ||||
| CVE-2025-43714 | 1 Openai | 1 Chatgpt | 2025-06-12 | 6.5 Medium |
| The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers. | ||||
Page 1 of 1.