Lucene search
K

180 matches found

Veracode
Veracode
added yesterday2 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.10 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:16 a.m.6 views

EUVD-2026-41321

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.11 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.38 views

CVE-2026-57766 WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.16 views

CVE-2026-57766

This CVE covers an Unauthenticated Cross Site Request Forgery (CSRF) in the WordPress WPIDE – File Manager & Code Editor plugin, affecting versions

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:29 a.m.9 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...

8.8CVSS5.8AI score0.00142EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55053

Name of the Vulnerable Software and Affected Versions WPIDE – File Manager & Code Editor versions prior to 3.5.7 Description An unauthenticated Cross Site Request Forgery CSRF issue exists. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not intend to do ...

8.8CVSS6AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 3:16 p.m.32 views

CVE-2026-49241

The CVE concerns the Angular Language Service VS Code Extension (pre-21.2.4). It reads custom tsdk paths from workspace settings without Workspace Trust checks, then dynamically loads tsserverlibrary.js from a user-specified folder during server initialization. An attacker could commit a reposito...

8.8CVSS5.9AI score0.00154EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-44466

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-44463

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 4:15 p.m.37 views

CVE-2026-44463 Zed: Allowlist Bypass via Environment Variable Injection in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...

8.6CVSS0.00232EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:8 p.m.11 views

CVE-2026-44461

Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key for example via project termin...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References2Affected Software1
Wiz blog
Wiz blog
added 2026/05/19 8:29 a.m.11 views

The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave

Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/12 4:59 p.m.72 views

CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability

...

8.8CVSS0.0052EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 6:34 p.m.11 views

CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS6.7AI score0.00545EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 6:34 p.m.37 views

CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent...

8.8CVSS0.00545EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/01 9:14 a.m.7 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.1...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35021

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

8.4CVSS6.2AI score0.00041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.9 views

CVE-2026-27800

Zed, a code editor, has a Zip Slip Path Traversal vulnerability exists in its extension archive extraction functionality prior to version 0.224.4. The extractzip function in crates/util/src/archive.rs fails to validate ZIP entry filenames for path traversal sequences e.g., ../. This allows a...

7.4CVSS5.5AI score0.0029EPSS
Exploits1References1
Rows per page
Query Builder