Lucene search
K

69 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39654

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

7.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

5.3CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-57923

JetBrains YouTrack (before 2026.2.16593) is affected by CVE-2026-57923 due to improper authorization in the app configurations endpoint, which allowed modifying project settings. Root cause: inadequate access checks on the app configurations endpoint. Documented impact: potential unintended chang...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

5.3CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added 6 days ago18 views

CVE-2026-57922

CVE-2026-57922 affects JetBrains YouTrack prior to version 2026.2.16593, where project settings could be disclosed via MCP. The vulnerability is described as a disclosure of project settings, with no exploitation details provided. The documents imply a fix in version 2026.2.16593, but do not prov...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-52702

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-52703

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.9 views

Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)

The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...

7.5CVSS6.1AI score0.2297EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.5 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.0027EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 11:16 p.m.7 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.0027EPSS
Exploits1References2
NVD
NVD
added 2025/12/17 11:16 p.m.12 views

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS0.00252EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/17 10:47 p.m.4 views

CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.4AI score0.00252EPSS
Exploits1References2
OSV
OSV
added 2025/12/17 10:47 p.m.4 views

CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References4
CVE
CVE
added 2025/12/17 10:45 p.m.14 views

CVE-2025-68432

Summary: CVE-2025-68432 affects Zed IDE and enables arbitrary code execution by loading LSP configurations from a project’s .zed/settings.json. A malicious LSP entry could execute shell commands with the user’s privileges when a project file with an LSP entry is opened. Affected versions: prior t...

7.7CVSS7.5AI score0.0027EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 10:45 p.m.4 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.5AI score0.0027EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/17 10:45 p.m.22 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.0027EPSS
Exploits1References2
OSV
OSV
added 2025/12/17 10:45 p.m.8 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.0027EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51976

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References6
Rows per page
Query Builder