
166 matches found

Prion
added 2022/12/06 7:15 p.m. | 14 views

Input validation

KodExplorer is a Chinese-language, web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result, any files available to the host process may be accessed by arbitrary users...

5 CVSS | 7.7 AI score | 0.02641 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/12/06 6:08 p.m. | 54 views

CVE-2022-46154

CVE-2022-46154 affects KodExplorer (prior to v4.50). The issue lets unauthenticated users request arbitrary files from the host OS file system due to inadequate access control/path traversal. Impact: access to any files available to the host process. The vulnerability is addressed in version 4.50...

8.6 CVSS | 8 AI score | 0.02641 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2022/10/03 3:15 p.m. | 10 views

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

7.8 CVSS | 0.01429 EPSS
Exploits: 1 | References: 4
CVE
added 2022/10/03 2:03 p.m. | 81 views

CVE-2022-40764

CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...

7.8 CVSS | 6.9 AI score | 0.01429 EPSS
Exploits: 1 | References: 4 | Affected Software: 2
Patchstack
added 2022/08/09 12:00 a.m. | 28 views

WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Read vulnerability

Authenticated Arbitrary File Read vulnerability discovered by Brandon James Roldan (Patchstack Alliance) in WordPress WPide plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0)...

4.9 CVSS | 3.6 AI score | 0.00937 EPSS
Exploits: 0 | Affected Software: 1
Patchstack
added 2022/08/09 12:00 a.m. | 20 views

WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability

Authenticated Arbitrary File Edit/Upload vulnerability discovered by Vlad Vector (Patchstack) in WordPress WPide plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0)...

7.2 CVSS | 3.3 AI score | 0.01069 EPSS
Exploits: 0 | Affected Software: 1
Patchstack
added 2022/08/03 12:00 a.m. | 28 views

WordPress WPIDE – File Manager & Code Editor plugin <= 2.6 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion (LFI) vulnerability discovered by Raad Haddad in WordPress WPIDE – File Manager & Code Editor plugin versions <= 2.6. Solution: Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0)...

7.2 CVSS | 1.5 AI score | 0.01399 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2022/05/12 12:00 a.m. | 28 views

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...

8.8 CVSS | 8.8 AI score | 0.38893 EPSS
Exploits: 1 | References: 1
vulnersOsv
added 2022/03/18 12:01 a.m. | 1 view

@cisdi/code-editor (>=3.0.0 <=3.3.10), @cisdi/ui-engine-charts (>=3.2.0 <=3.2.4) +32 more potentially affected by CVE-2021-23771 via notevil (>=0.8.1 <=1.3.3)

notevil NPM version =0.8.1, =3.0.0, =3.2.0, =2.9.0, =1.0.1, =1.0.0, =1.0.0, =0.10.0, =1.5.24, =5.0.0, =3.0.0, =5.2.0, =0.0.1, =0.0.50 and more Source cves: CVE-2021-23771 Source advisory: OSV:GHSA-8G4M-CJM2-96WQ...

6.5 CVSS | 6.5 AI score | 0.00304 EPSS
Exploits: 1
vulnersOsv
added 2022/01/27 3:00 p.m. | 0 views

@cisdi/code-editor (>=3.0.0 <=3.3.10), @cisdi/ui-engine-charts (>=3.2.0 <=3.2.4) +32 more potentially affected by CVE-2021-23771 via notevil (>=0.8.1 <=1.3.3)

notevil NPM version =0.8.1, =3.0.0, =3.2.0, =2.9.0, =1.0.1, =1.0.0, =1.0.0, =0.10.0, =1.5.24, =5.0.0, =3.0.0, =5.2.0, =0.0.1, =0.0.50 and more Source cves: CVE-2021-23771 Source advisory: SNYK:JS-NOTEVIL-2385946...

6.5 CVSS | 6.5 AI score | 0.00304 EPSS
Exploits: 1
CNNVD
added 2022/01/17 12:00 a.m. | 3 views

ICEcoder Cross-Site Scripting Vulnerability

ICEcoder is a browser-based code editor that provides a modern approach to building websites by allowing you to write code directly in your web browser. A cross-site scripting vulnerability exists in ICEcoder, which can be exploited by attackers to perform XSS attacks...

5.4 CVSS | 5.3 AI score | 0.00266 EPSS
Exploits: 1 | References: 4
wpexploit
added 2021/09/13 12:00 a.m. | 790 views

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code. As a contributor, create/edit a post and put the below code while in Code Editor mode: \naa\n Save or Preview the page,...

8.8 CVSS | 1.1 AI score | 0.0097 EPSS
Exploits: 2
wpexploit
added 2021/08/24 12:00 a.m. | 564 views

Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly sanitise or escape some of the properties of the Recipe Card Block such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a...

5.4 CVSS | 5.3 AI score | 0.00197 EPSS
Exploits: 2
CNVD
added 2021/04/14 12:00 a.m. | 9 views

Microsoft Visual Studio Code Execution Vulnerability (CNVD-2021-29879)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. Visual Studio Code code injection vulnerability. No details of the vulnerability are provided at this time...

7.8 CVSS | 7.2 AI score | 0.09313 EPSS
Exploits: 0 | References: 1
Akamai Blog
added 2020/10/11 10:00 p.m. | 48 views

Computing at the Edge

Welcome to the Akamai October 2020 Update - a week of product updates, new features, and innovations. We'll be highlighting a different area of our portfolio each day this week. In today's post, we look at our enhanced edge computing capabilities and how they help developers more effectively and...

Exploits: 0
vulnersOsv
added 2020/09/03 11:21 p.m. | 4 views

@ambers/helios (>=0.10.0 <=0.13.5), @cloudmosaic/quickstarts (>=1.0.0-rc.0 <=1.0.0-rc.1) +181 more potentially affected by unknown CVE via showdown (>=0.0.1 <=1.9.0)

showdown NPM version =0.0.1, =0.10.0, =1.0.0-rc.0, =1.0.0, =1.0.0-alpha.1, =2.0.0, =0.4.0, =1.6.3, =5.2.1, =0.0.11, =0.0.9, =0.0.2, =1.0.0, =1.0.1, =2.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6MQ-3CJ6-H738...

5.8 AI score
Exploits: 0
Hacker One
added 2020/07/23 2:13 p.m. | 166 views

lemlist: CVE-2019-19935 - DOM based XSS in the froala editor

Summary: A stored XSS flaw exists in the froala editor used in the web application. This can be triggered by using the code view of the editor. Steps To Reproduce: 1. Start a new campaign 2. Fill all the fields and choose blank email template for the message 3. Switch to code editor view and inject "...

4.3 CVSS | 6 AI score | 0.02161 EPSS
Exploits: 3
Fedora
added 2019/04/17 4:05 p.m. | 17 views

[SECURITY] Fedora 30 Update: elementary-code-3.1.1-2.fc30

Code editor from elementary...

2.1 AI score
Exploits: 0
GithubExploit
added 2017/05/03 9:23 p.m. | 4 views

pydantic

Pydantic Validation...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/02/07 12:00 a.m. | 25 views

FTP Made Easy PRO 1.2 Arbitrary File Download

Exploit Title: FTP Made Easy PRO Script v1.2 - Arbitrary File Download Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy: https://codecanyon.net/item/ftp-made-easy-pro-php-multiple-ftp-manager-client-with-code-editor/17460747 Demo:...

Exploits: 0