432 matches found
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills
AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...
JetBrains PyCharm < 2025.3.4 Stored XSS
According to its self-reported version, the JetBrains PyCharm installation on the remote host is prior to 2025.3.4. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in Jupyter notebook Markdown cells. In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013
CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...
CVE-2026-41013
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
EUVD-2026-33727
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...
CVE-2026-41013 - Tenant-controlled comma smuggles arbitrary CIFS mount options | Cloud Foundry
HIGH CVSS 3.1 Score: 8.5 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. smb-volume-release – All versions prior to v3.60.0 CF Deployment – All versions prior to v56.0.0 Description Input validation bypass in SMB volume...
PT-2026-45516
Name of the Vulnerable Software and Affected Versions smb-volume-release versions prior to v3.60.0 CF Deployment versions prior to v56.0.0 Description An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
EUVD-2026-33392
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-49384
JetBrains PyCharm before 2025.3.4 is affected by a stored XSS vulnerability in Jupyter notebook Markdown cells. The CVE notes untrusted content in Markdown cells can be rendered, enabling potential script execution. Supported data: CVSS 3.1 base score 6.1 (Network attack vector, required user int...
JetBrains PyCharm 跨站脚本漏洞
JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...
PT-2026-44964
Name of the Vulnerable Software and Affected Versions JetBrains PyCharm versions prior to 2025.3.4 Description Stored Cross-Site Scripting XSS is possible within Jupyter notebook Markdown cells. Cross-Site Scripting is a type of security flaw where malicious scripts are injected into trusted...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...
freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
A heap based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to maxCells,...