Vulnerabilities in prolix-oc
5 resultsCVE-2026-44449CRITICALLumiverse: SMB `exists()` basename injection via smbclient `!cmd` escapeEPSS 0.5%CVE-2026-44450CRITICALLumiverse: RCE via MCP stdio argument injectionEPSS 0.4%CVE-2026-44444CRITICALLumiverse: Spindle extension install runs untrusted lifecycle scripts before security scanEPSS 0.4%CVE-2026-44451CRITICALLumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypassEPSS 0.2%CVE-2026-44443MEDIUMLumiverse: Sign-up nonce race condition allows unauthorized account registrationEPSS 0.1%