Lucene search
K

249 matches found

CVE
CVE
added 2026/06/30 2:30 p.m.16 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53897

Name of the Vulnerable Software and Affected Versions Mendix Studio Pro versions 10.11 through 10.23 Mendix Studio Pro versions prior to 10.24.21 Mendix Studio Pro versions 11.0 through 11.5 Mendix Studio Pro versions prior to 11.6.7 Mendix Studio Pro versions 11.7 through 11.11 Description...

6.8CVSS6.3AI score0.00193EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/17 2:12 p.m.12 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the processing of crafted project names containing shell metacharacters during the generation of OpenStack RC files. An attacker can access sensitive information or modify data by tricking a highly privileged user...

7.3CVSS6AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44846

Name of the Vulnerable Software and Affected Versions Roslyn CodeLens MCP Server versions 0.0.9 through 1.16.0 Description The get diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without an allowlist, signature check, or user confirmatio...

7.8CVSS6.2AI score0.00143EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 2:3 p.m.16 views

CVE-2026-45184

A flaw was found in Kdenlive. This vulnerability allows an attacker to use dangerous proxy parameters when a user opens a specially crafted project file. Successful exploitation could lead to arbitrary code execution or information disclosure on the affected system...

6.5CVSS6.2AI score0.00149EPSS
Exploits0References2
Veracode
Veracode
added 2026/03/28 5:28 a.m.18 views

Remote Code Execution (RCE)

ruby-lsp is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsanitized interpolation of the rubyLsp.branch setting into a generated Gemfile, which allows an attacker to inject malicious code that executes when a user opens a crafted project...

9.8CVSS6.1AI score0.00479EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.13 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 p.m.4 views

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 7:11 p.m.26 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 7:11 p.m.9 views

CVE-2026-4295

CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 7:11 p.m.2 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:11 p.m.4 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/02/03 6:30 p.m.3 views

Command Injection

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Command Injection via the project files import proccess. An attacker can execute arbitrary system commands by uploading a crafted project file containing...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.8 views

CVE-2023-43624

CX-Designer Ver.3.740 and earlier included in CX-One CXONE-ALD-V4 contains an improper restriction of XML external entity reference XXE vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed m...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.8 views

CVE-2021-22655

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0...

7.8CVSS7.9AI score0.01191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.16 views

CVE-2021-22791

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

6.5CVSS6.8AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/18 12:35 a.m.12 views

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS7.7AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 1:15 a.m.4 views

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 12:19 a.m.6 views

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS7.4AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/17 12:19 a.m.5 views

EUVD-2025-203858

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4CVSS7.2AI score0.00219EPSS
Exploits0References4
Rows per page
Query Builder