Lucene search
K

111 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1259 CodeChecker open redirect when URL contains multiple slashes after the product name

Summary --- CodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment. This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway. Detai...

6.1CVSS5.9AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-625 Cross-site Scripting in Ericsson CodeChecker

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1CVSS6.1AI score0.01626EPSS
Exploits1References12
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-317 Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-25660

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS5.5AI score0.00447EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 5:58 p.m.19 views

Incorrect Authorization

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Incorrect Authorization via the Authentication endpoint functions, including getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and...

10CVSS5.8AI score0.00447EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 5:58 p.m.6 views

EUVD-2026-25417

Codechecker has an authentication bypass for certain API calls...

10CVSS5.8AI score0.00447EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 5:58 p.m.10 views

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/05 5:58 p.m.6 views

GHSA-4V9X-CQC5-J645 Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3
NVD
NVD
added 2026/04/24 2:16 p.m.7 views

CVE-2026-25660

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS0.00447EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 1:10 p.m.4 views

CVE-2026-25660

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS5.4AI score0.00447EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 1:10 p.m.20 views

CVE-2026-25660

CVE-2026-25660 affects CodeChecker (analyzer tooling, defect DB, and viewer extension for Clang Static Analyzer and Clang-Tidy) up to version 6.27.3. The issue is an authentication bypass triggered when the URL ends with certain function calls, allowing assignment of arbitrary permissions to any ...

10CVSS5.4AI score0.00447EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 1:10 p.m.9 views

CVE-2026-25660 Authentication bypass for certain API calls

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS5.4AI score0.00447EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 1:10 p.m.30 views

CVE-2026-25660 Authentication bypass for certain API calls

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS0.00447EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

CodeChecker 安全漏洞

CodeChecker is an open-source analysis tool developed by Ericsson, which includes Clang Static Analyzer and Clang Tidy. It also provides a database of defects and extensions for viewers. Versions of CodeChecker prior to 6.27.3 contained security vulnerabilities. These vulnerabilities stemmed from...

10CVSS5.9AI score0.00447EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.9 views

PT-2026-34878

Name of the Vulnerable Software and Affected Versions CodeChecker versions prior to 6.27.4 Description An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with...

10CVSS5.8AI score0.00447EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.17 views

CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

7.4CVSS6.9AI score0.0199EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/05 8:40 a.m.7 views

Buffer Overflow

CodeChecker is vulnerable to Buffer Overflow. The vulnerability is due to unsafe handling of input when executing the CodeChecker log command, and attackers can exploit this by supplying crafted log data to cause memory corruption and potentially achieve code execution...

7.8CVSS7.3AI score0.00174EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/29 10:14 p.m.10 views

CVE-2025-40843

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...

7.8CVSS7.2AI score0.00174EPSS
Exploits1References1
PyPA
PyPA
added 2025/10/28 7:15 p.m.15 views

PYSEC-2025-100

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldloggerlibrary, which is executed by the CodeChecker logcommand.This issue affects...

7.8CVSS6AI score0.00174EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/10/28 7:15 p.m.7 views

CVE-2025-40843

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...

7.8CVSS0.00174EPSS
Exploits1References1
Rows per page
Query Builder