Lucene search
K

236 matches found

Cvelist
Cvelist
added 2025/12/29 11:46 p.m.28 views

CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

0.00418EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.4 views

PT-2025-53815

Name of the Vulnerable Software and Affected Versions Visual Studio Code Go extension affected versions not specified Description The Visual Studio Code Go extension was disabled in Restricted Mode to prevent unexpected untrusted code execution. Recommendations At the moment, there is no...

5.4CVSS6.8AI score0.00418EPSS
Exploits1References6
Veracode
Veracode
added 2025/11/25 8:30 a.m.5 views

Code Injection

@anthropic-ai/claude-code is vulnerable to code injection.The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...

8.8CVSS7.1AI score0.30227EPSS
Exploits6References2Affected Software1
AlpineLinux
AlpineLinux
added 2025/11/20 4:38 p.m.5 views

CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.9AI score0.00326EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-2099

Malware in sbrugna...

8.8CVSS8.7AI score0.01426EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1277

Malware in sbrugna...

8.1CVSS6.4AI score0.0226EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-1891

Malware in sbrugna...

10CVSS6.1AI score0.03031EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-16129

Malware in sbrugna...

9.8CVSS9.4AI score0.00537EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8683

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.01155EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0229

Malicious code in bioql PyPI...

8.3CVSS7.9AI score0.00637EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0835

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02351EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8684

Malicious code in bioql PyPI...

8.1CVSS8AI score0.01035EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-21373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, nimble refresh fetches a list of Nimble...

7.5CVSS6.8AI score0.01155EPSS
Exploits1References2
Amazon
Amazon
added 2025/08/08 12:0 a.m.5 views

Important: java-24-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...

8.6CVSS6.8AI score0.01058EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/08/02 8:22 p.m.3 views

CVE-2025-54430

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

9.1CVSS6.4AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2025/07/09 3:15 p.m.9 views

CVE-2025-53546

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

9.1CVSS0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.2 views

PT-2025-28898 · Folo · Folo

Name of the Vulnerable Software and Affected Versions: Folo affected versions not specified Description: Folo organizes feeds content into one timeline. The use of pull request target in the .github/workflows/auto-fix-lint-format-commit.yml workflow file can be exploited by attackers to execute...

9.1CVSS6.5AI score0.00305EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

8.1CVSS7.3AI score0.01381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 p.m.5 views

CVE-2021-30245

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...

8.8CVSS7.1AI score0.04942EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.8 views

CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute...

9.8CVSS7.2AI score0.00537EPSS
Exploits0References1
Rows per page
Query Builder