166 matches found
EUVD-2025-198328
Malicious code in @ra-ide/code-editor-frontend npm...
MAL-2025-190590 Malicious code in @ra-ide/code-editor-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39784fd9275723725034c0f9fcb2df35d06963659572a3aeaccd51e3a5e07e61 The package @ra-ide/code-editor-frontend was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cline-ai-main.cline-ai-agent (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 04aeefbf39e1e9157280b91899a141e4f4c6619d434c594e4a2d3bf43883dbe6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
CVE-2025-64106
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...
WordPress kallyas plugin code execution vulnerability
WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. A code execution vulnerability exists in WordPress kallyas plugin, which stems from unrestricted non-administrator access to the code editor widget, and can be exploited by an attacker...
PT-2025-45063
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2025.09.17-25b418f
Description: Cursor is a code editor designed for programming with AI. A flaw in the Cursor CLI Beta could allow a remote attacker to execute code. This is possible through the Model Context Protocol...
EUVD-2025-37432
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...
CVE-2025-6990 Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the THPhpCode pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated...
WordPress plugin kallyas code injection vulnerability
WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. A code execution vulnerability exists in WordPress kallyas plugin, which stems from unrestricted non-administrator access to the code editor widget, and can be exploited by an attacker...
CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
CVE-2025-12203 givanz Vvveb Code Editor functions.php sanitizeFileName path traversal
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
EUVD-2025-36065
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit ha...
CVE-2025-12203
Summary: CVE-2025-12203 affects givanz Vvveb up to 1.0.7.3, specifically the sanitizeFileName function in Code Editor’s file system/functions.php. The issue allows remote path traversal via manipulation of the File argument. Impact (as stated): Path traversal could lead to unauthorized file acces...
Vvveb path traversal vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A path traversal vulnerability exists in Vvveb version 1.0.7.3 and earlier, which stems from incorrect manipulation of File, a parameter of the function sanitizeFileName of...
PT-2025-43861
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.7.3
Description: A weakness exists in givanz Vvveb related to path traversal. This issue affects the sanitizeFileName function within the system/functions.php file of the Code Editor component. Manipulation of th...
Remote Code Execution Vulnerability in Vvveb
Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...