CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

EUVD-2026-38005

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

PT-2026-50874

Name of the Vulnerable Software and Affected Versions JetBrains GoLand versions prior to 2026.1.3 Description Remote code execution is possible through the use of untrusted project configuration. Recommendations Update JetBrains GoLand to version 2026.1.3 or later...

CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVE-2026-32685

CVE-2026-32685 describes a path traversal in Gleam’s docs build process. The vulnerability arises from unvalidated handling of documentation.pages paths and sources in gleam.toml, enabling an attacker to read arbitrary local files and to write generated documentation outside the intended output d...

EUVD-2026-33927

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

EEF-CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Summary Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validatio...

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVE-2026-24055

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

EUVD-2026-4216

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726

Socket Firewall (sfw) is affected for binary versions prior to 0.15.5. The vulnerability allows arbitrary code execution when run in an untrusted project directory by placing a malicious .sfw.config; loading the file populates environment variables into the Node.js process, enabling an attacker t...

EUVD-2020-0570

Malware in sbrugna...

EUVD-2023-56364

Malicious code in bioql PyPI...

PT-2025-40458

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111 Description Claude Code is an agentic coding tool. A bug in the startup trust dialog implementation allows for code injection, where the tool could be tricked into executing code contained within a project...