846 matches found
WordPress IDE Micro code-editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin IDE Micro code-editor versions = 1.0.0...
PT-2026-7528
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.6.6 GitLab CE/EE versions 18.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 Description An issue exists in GitLab CE/EE related to incomplete validation within the Web IDE. This could allow an...
A Bootiful Podcast: Jetbrains legend Dmitry Jemerov
Hi, Spring and IntelliJ IDEA fans! This week we celebrate 25 years of Jetbrains IntelliJ IDEA, and who better to talk to us about its evolution than Dmitry Jemerov, whose been a contributor and developer for the project since 2003!...
From Detection to Remediation: Wiz in Your JetBrains IDE
The Wiz JetBrains IDE plugin is now generally available, enabling developers to fix risks before code leaves their local environment...
MiracleLinux 9 : qemu-kvm-8.2.0-11.el9 (AXSA:2024-7897:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7897:02 advisory. QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019 QEMU: VNC: infinite loop in inflatebuffer leads to denial of service...
MiracleLinux 7 : qemu-kvm-1.5.3-175.el7.4 (AXSA:2021-1882:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1882:03 advisory. QEMU: ide: atapi: OOB access while processing read commands CVE-2020-29443 Tenable has extracted the preceding description block directly from the MiracleLin...
CVE-2026-0830
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
FreeBSD : Gitlab -- vulnerabilities (c9b610e9-eebc-11f0-b051-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c9b610e9-eebc-11f0-b051-2cf05da270f3 advisory. Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders...
CVE-2026-0830
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
EUVD-2026-1682
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
CVE-2021-31900
In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host...
CVE-2023-4218
In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...
CVE-2021-31431
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...
CVE-2021-31432
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...
PT-2026-2030
Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.6.18 Description Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper. This occurs when opening maliciously crafted workspaces. The...
Kiro IDE 安全漏洞
Kiro IDE is an integrated development environment from Kiro Open Source. A security vulnerability exists in Kiro IDE versions prior to 0.6.18, which stems from a command injection vulnerability in the handling of specially crafted workspace folder names, which could lead to the execution of...
Gitlab -- vulnerabilities
Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE Cross-site Scripting issue in Web IDE impacts GitLab CE/EE Missing Authorization issue in Duo Workflows API impacts GitLab EE Missing Authorization issue in AI GraphQL mutation impacts...
CVE-2025-64724
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...
CVE-2025-64723
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
K000158850: PCIe IDE protocol specification vulnerabilities CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614
Security Advisory Description CVE-2025-9612 An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without...