180 matches found
Arbitrary Command Execution
GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...
CVE-2026-57766
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
EUVD-2026-41321
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57766
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57766 WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57766
This CVE covers an Unauthenticated Cross Site Request Forgery (CSRF) in the WordPress WPIDE – File Manager & Code Editor plugin, affecting versions
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...
PT-2026-55053
Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...
CVE-2026-49241
The CVE concerns the Angular Language Service VS Code Extension (pre-21.2.4). It reads custom tsdk paths from workspace settings without Workspace Trust checks, then dynamically loads tsserverlibrary.js from a user-specified folder during server initialization. An attacker could commit a reposito...
CVE-2026-44466
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
CVE-2026-44463
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
CVE-2026-44461
Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence...
CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
...
CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.1...
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...
CVE-2026-27800
Zed, a code editor, has a Zip Slip Path Traversal vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The extractzip function in crates/util/src/archive.rs fails to validate ZIP entry filenames for path traversal sequences e.g., ../. This allows a...