69 matches found
EUVD-2026-39654
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
CVE-2026-57922
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
CVE-2026-57923
JetBrains YouTrack (before 2026.2.16593) is affected by CVE-2026-57923 due to improper authorization in the app configurations endpoint, which allowed modifying project settings. Root cause: inadequate access checks on the app configurations endpoint. Documented impact: potential unintended chang...
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
CVE-2026-57922
CVE-2026-57922 affects JetBrains YouTrack prior to version 2026.2.16593, where project settings could be disclosed via MCP. The vulnerability is described as a disclosure of project settings, with no exploitation details provided. The documents imply a fix in version 2026.2.16593, but do not prov...
CVE-2026-57922
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
PT-2026-52702
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...
PT-2026-52703
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...
Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)
The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68432
Summary: CVE-2025-68432 affects Zed IDE and enables arbitrary code execution by loading LSP configurations from a project’s .zed/settings.json. A malicious LSP entry could execute shell commands with the user’s privileges when a project file with an LSP entry is opened. Affected versions: prior t...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
PT-2025-51976
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...