Lucene search
+L

114 matches found

Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-47295 Microsoft SQL Server Elevation of Privilege Vulnerability

...

8.8CVSS0.00921EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 4:20 p.m.9 views

CVE-2026-42503

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host e.g. :8080, or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This...

8.8CVSS6AI score0.00223EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/25 1:55 a.m.9 views

[SECURITY] Fedora 44 Update: qt6-qtlanguageserver-6.10.3-1.fc44

The Qt Language Server component provides an implementation of the Language Server protocol...

5.3AI score
Exploits0
OSV
OSV
added 2026/03/31 3:15 a.m.4 views

DEBIAN-CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.2AI score0.00479EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/31 3:15 a.m.12 views

CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

9.8CVSS6.1AI score0.00479EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 1:59 a.m.7 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.4AI score0.00479EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Ruby LSP 代码注入漏洞

Ruby LSP is an open-source Ruby language server developed by Shopify. It provides code completion and debugging features. Versions of Ruby LSP prior to 0.10.2 and 0.26.9 contained a code injection vulnerability. This vulnerability stemmed from the fact that the Gemfile generated by rubyLsp.branch...

9.8CVSS6AI score0.00479EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 5:5 p.m.136 views

CVE-2026-26115

CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...

8.8CVSS5.8AI score0.01095EPSS
Exploits0References1Affected Software5
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.6 views

CVE-2026-20803

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network...

7.2CVSS7.7AI score0.01242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.12 views

CVE-2019-18213

XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...

8.8CVSS7AI score0.01981EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.7 views

CVE-2019-18212

XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...

6.5CVSS7.2AI score0.02841EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.10 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.00275EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 11:16 p.m.9 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.00275EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/17 10:45 p.m.4 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.5AI score0.00275EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/17 10:45 p.m.27 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.00275EPSS
Exploits1References2
OSV
OSV
added 2025/12/17 10:45 p.m.11 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.00275EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Zed 命令注入漏洞

Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious LSP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...

7.7CVSS8AI score0.00275EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51975

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...

7.7CVSS8AI score0.00275EPSS
Exploits1References6
OSV
OSV
added 2025/12/04 4:16 p.m.4 views

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

6.1CVSS5.7AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.24 views

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

0.0019EPSS
Exploits0References2
Rows per page
Query Builder