846 matches found
Malicious code in gemini-cli-vscode-ide-companion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a98d87fa5f23a47c4b1ea2c0cecb3e88518985493c1b7f125299ecf8ee6dba1 The package gemini-cli-vscode-ide-companion was found to contain malicious code...
CVE-2026-34841
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
CVE-2026-34841
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
EUVD-2026-19354
Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...
CVE-2026-34841
Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...
Bruno 安全漏洞
Bruno is an open-source IDE developed by usebruno, designed for exploring and testing APIs. Versions of Bruno prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by a supply chain attack involving a tampered axios npm package, which could potentially deploy...
CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...
CVE-2026-5429 Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme
Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute arbitrary code via a potentially damaging crafted color theme name when a local user opens the workspace. This issue requires the user ...
CVE-2026-5429
The CVE concerns Kiro IDE’s Kiro Agent webview (pre-0.8.140). An unsanitized input path during web page generation permits a remote, unauthenticated attacker to execute arbitrary code by crafting a harmful color theme name when a local user opens a workspace. The issue relies on the user trusting...
PT-2026-29886
Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.8.140 Description An issue exists in the Kiro Agent webview within Kiro IDE, prior to version 0.8.140, where unsanitized input during web page generation can allow a remote, unauthenticated attacker to execute...
Kiro IDE 安全漏洞
Kiro IDE is an integrated development environment developed by Kiro as open source. Versions of Kiro IDE prior to 0.8.140 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned inputs during the webview generation in the Kiro Agent, which could allow remote, unverified...
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
EUVD-2026-17421
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
CVE-2026-4295
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...
Apple Xcode 安全漏洞
Apple Xcode is an integrated development environment provided by the American company Apple for developers. It is primarily used for developing applications for Mac OS X and iOS platforms. Versions of Apple Xcode prior to 26.4 contained a security vulnerability caused by excessive memory access,...
Malicious code in xrpl-hooks-ide (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cba4a53598147b0ea4a05d573906166d018f6026d4b245512f651c235c2bae3 The package xrpl-hooks-ide was found to contain malicious code...
MAL-2026-2398 Malicious code in xrpl-hooks-ide (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cba4a53598147b0ea4a05d573906166d018f6026d4b245512f651c235c2bae3 The package xrpl-hooks-ide was found to contain malicious code...
📄 Cursor IDE MCP Deeplink Remote Code Execution
This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...
EUVD-2026-12638
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...