Lucene search
K

849 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-41321

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.4 views

FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...

8.7CVSS5.7AI score0.00328EPSS
Exploits0References15
Snyk
Snyk
added 2026/06/18 6:35 p.m.9 views

Unsafe Dependency Resolution

Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-11931

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 6:33 p.m.7 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 6:33 p.m.31 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 6:33 p.m.76 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49284

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00115EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS5.9AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 3:34 p.m.11 views

EUVD-2026-33964

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:34 p.m.9 views

CVE-2026-10591 Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 3:34 p.m.46 views

CVE-2026-10591 Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:34 p.m.7 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 3:34 p.m.29 views

CVE-2026-10591

CVE-2026-10591 affects Amazon Kiro IDE prior to 0.11. The issue is insufficient access control in the file write tool, allowing remote unauthenticated actors to cause writes to execution-sensitive paths (e.g., .vscode/tasks.json), enabling automatic execution on folder open. Impact is high: poten...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45768

Name of the Vulnerable Software and Affected Versions Amazon Kiro IDE versions prior to 0.11 Description Insufficient access control restrictions in the file write tool allow remote unauthenticated actors to execute arbitrary commands. This is achieved by using crafted instructions to write to...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

Amazon Kiro IDE 安全漏洞

Amazon Kiro IDE is an integrated development environment developed based on AI specifications by Amazon, Inc. Versions of Amazon Kiro IDE prior to 0.11 contained a security vulnerability. This vulnerability stemmed from insufficient access control restrictions in the file writing tool, allowing...

8.8CVSS5.5AI score0.00373EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 5:16 p.m.7 views

UBUNTU-CVE-2026-44465

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/28 4:10 p.m.29 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS0.00297EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 4:10 p.m.10 views

EUVD-2026-32937

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References1
Rows per page
Query Builder