70 matches found
EUVD-2025-203768
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
PT-2025-51713
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
MAL-2025-185469 Malicious code in antares-luminescence-phoebe-higgs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9250c08aab5a952d64b8b3d1497c203806cf0a3da77a0aa075aaeece4362bd64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181024 Malicious code in teate-thy-sonic-urapu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9380cef82872e3ccdee7e5519c2ab04e168ed707dc179e1ee4a94ae82672d4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144447 Malicious code in lint-staged-blaze-concurrently-cordelia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c264da9ee153bfc81c5d7023d782b5e52b2e8e8b64216fe7ac06aa6fdb1d3df8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-78745 Malicious code in hendra-brengkes46-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b033538cc9dcbce79cdb4555e1f6cc506c5fd7d38826ba4b4f5398f4bfe2189 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2019-10965
Malware in sbrugna...
EUVD-2020-28643
Malware in sbrugna...
EUVD-2022-4072
Malicious code in bioql PyPI...
CVE-2025-61592
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
CVE-2025-61592
Cursor CLI (versions ≤ 1.7) is vulnerable to Remote Code Execution via automatic loading of project-specific CLI configuration from /.cursor/cli.json that can override global settings. The underlying issue is permissive configuration combined with prompt injection delivered through project rules ...
PT-2025-40541
Name of the Vulnerable Software and Affected Versions Cursor versions 1.7 and below Description Cursor, a code editor for programming with AI, has an issue where automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override global...
CVE-2025-1568
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelin...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in data protection, allows a intruder to gain access to the project configuration file.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in data protection. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project configuration file by rewriting the password hash value...
Jenkins HTML Publisher Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability ...
Design/Logic Flaw
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...