70 matches found
PT-2025-51976
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...
PT-2025-51975
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...
MicrosoftAmplifierPoC
Microsoft Amplifier RCE PoC Proof of concept demonstrating re...
EUVD-2024-46330
Malicious code in bioql PyPI...
EUVD-2024-42218
Malicious code in bioql PyPI...
EUVD-2021-28340
Malicious code in bioql PyPI...
EUVD-2023-12309
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4...
CVE-2023-3964
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...
CVE-2024-46881
Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...
CVE-2024-46881
Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...
PT-2025-2749 · Unknown · Develocity
Name of the Vulnerable Software and Affected Versions: Develocity versions 2023.3.X through 2023.4.X Develocity versions 2023.3.X through 2024.1.7 Develocity versions 2023.4.X through 2024.1.7 Develocity versions prior to 2024.1.8 Description: The issue arises from incorrect access control in...
CVE-2024-46881
The CVE-2024-46881 issue in Develocity (Gradle Enterprise) stems from an incorrect access-control migration. Enterprise Config schema v8 introduced project-level access control; when upgrading to schemas 9/10, the projects section may be omitted, causing all project settings to reset to defaults ...
CVE-2024-46881
Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...
CVE-2023-43962
Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...
XunRui CMS 安全漏洞
XunRui CMS Xunrui CMS is China Xunrui Xunrui company's set of open source content management system CMS. A cross-site scripting vulnerability exists in XunRui CMS v4.6.1, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by a remote attacker...
CVE-2023-43962
Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...
CVE-2023-43962
Xunrui CMS Public Edition v4.6.1 is affected by a Cross Site Scripting vulnerability. The flaw enables a remote attacker to execute arbitrary code via the project name function in the project settings tab. The Red Hat, CNVD, CNVD, NVD, CIRCL, and CVE listings consistently describe the same issue....
The configuration of the JetBrains Space module “Project Settings” exposes vulnerabilities. This vulnerability relates to the connections in the system for continuous integration and delivery of applications (CI/CD). The JetBrains TeamCity allows attackers to gain unauthorized access to protected information.
The vulnerability of the JetBrains Space module’s Project Settings | Connections system for continuous integration and delivery of applications is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
CVE-2024-5127
In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...