CVE-2025-68433

CVE-2025-68433 affects Zed IDE prior to 0.218.2-pre. The vulnerability arises from loading MCP configurations from a project/.zed/settings.json without explicit user confirmation, allowing a malicious MCP to execute arbitrary shell commands on the host with the IDE user’s privileges when a projec...

The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the insufficient data validation when opening a project, allowing a malicious actor to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the insufficient data validation when opening a project. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

PT-2020-3300 · Microsoft · Visual Studio Code Eslint Extension

Name of the Vulnerable Software and Affected Versions: ESLint extension for Visual Studio Code affected versions not specified Description: A remote code execution issue exists in the ESLint extension for Visual Studio Code. This occurs when the extension validates source code after a project is...

CVE-2020-7496

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause unauthorized write access when opening the project file...