Byte Open Security

(ByteOS Network)

OpenAI

Source - CNA
BOS Name - N/A
CNA CVEs - 2
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
2 Vulnerabilities found

CVE-2025-54558
Assigner-MITRE Corporation
CVSS Score-4.1 | MEDIUM
EPSS-0.01% / 1.57%
7 Day CHG~0.00%
Published-25 Jul, 2025 | 00:00
Updated-25 Jul, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.

Action-Not Available
Vendor-OpenAI
Product-Codex CLI
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere

CVE-2025-7021
Assigner-Google LLC
CVSS Score-6.9 | MEDIUM
EPSS-0.05% / 14.53%
7 Day CHG~0.00%
Published-10 Jul, 2025 | 19:09
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenAI Operator - API Spoofing through Locking Operator on FullScreen

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.

Action-Not Available
Vendor-OpenAI
Product-Operator
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information