Lucene search

40 matches found

EUVD
added 2 days ago, 3 views

EUVD-2026-33927

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5

OSV
added 2 days ago, 4 views

EEF-CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Summary: Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validatio...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 4

CVE
added 2 days ago, 9 views

CVE-2026-32685

CVE-2026-32685 describes a path traversal in Gleam’s docs build process. The vulnerability arises from unvalidated handling of documentation.pages paths and sources in gleam.toml, enabling an attacker to read arbitrary local files and to write generated documentation outside the intended output d...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5

Vulnrichment
added 2 days ago, 3 views

CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2026/04/15 8:47 p.m., 16 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

CVSS: 7.8, EPSS: 0.00023
Exploits: 3, References: 2

EUVD
added 2026/01/22 3:7 a.m., 5 views

EUVD-2026-4216

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

CVSS: 6.3, AI score: 5.6, EPSS: 0.00041
Exploits: 2, References: 4

ATTACKERKB
added 2026/01/22 3:7 a.m., 2 views

CVE-2026-24055

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

CVSS: 6.3, AI score: 5.4, EPSS: 0.00041
Exploits: 2, References: 5, Affected Software: 1

OSV
added 2025/11/20 5:15 p.m., 2 views

CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

CVSS: 7.3, AI score: 7.8
Exploits: 0, References: 2

CVE
added 2025/11/13 7:55 p.m., 8 views

CVE-2025-64726

Socket Firewall (sfw) is affected for binary versions prior to 0.15.5. The vulnerability allows arbitrary code execution when run in an untrusted project directory by placing a malicious .sfw.config; loading the file populates environment variables into the Node.js process, enabling an attacker t...

CVSS: 7.3, AI score: 7.7, EPSS: 0.00021
Exploits: 0, References: 2

Cvelist
added 2025/11/13 7:55 p.m., 7 views

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVSS: 7.3, EPSS: 0.00021
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0570

Malware in sbrugna...

CVSS: 9.8, AI score: 9.4, EPSS: 0.06601
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-56364

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00003
Exploits: 0, References: 1

Positive Technologies
added 2025/10/03 12:0 a.m., 2 views

PT-2025-40458

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.111. Description: Claude Code is an agentic coding tool. A bug in the startup trust dialog implementation allows for code injection, where the tool could be tricked into executing code contained within a project...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00039
Exploits: 5, References: 76

RedhatCVE
added 2025/05/23 6:34 a.m., 5 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00004
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:52 a.m., 4 views

CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00003
Exploits: 0

CNVD
added 2024/11/21 12:0 a.m., 3 views

JetBrains WebStorm code execution vulnerability

JetBrains WebStorm is an integrated development environment (IDE) for JavaScript and TypeScript development. A code execution vulnerability exists in JetBrains WebStorm, which originates from installer scripts via type definition, and can be exploited by an attacker to execute code in untrusted...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00004
Exploits: 0, References: 1

NVD
added 2024/11/15 4:15 p.m., 16 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS: 7.8, EPSS: 0.00004
Exploits: 0, References: 1

OSV
added 2024/11/15 4:15 p.m., 0 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS: 7.8, AI score: 6.1
Exploits: 0, References: 1

Vulnrichment
added 2024/11/15 3:5 p.m., 10 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS: 6.3, AI score: 7.5, EPSS: 0.00004
Exploits: 0, References: 1