
235 matches found

Positive Technologies
added 6 days ago | 5 views

PT-2026-44846

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or use...

CVSS 7.8 | AI score 6.4 | EPSS 0.00023
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/15 2:3 p.m. | 1 view

CVE-2026-45184

A flaw was found in Kdenlive. This vulnerability allows an attacker to use dangerous proxy parameters when a user opens a specially crafted project file. Successful exploitation could lead to arbitrary code execution or information disclosure on the affected system...

CVSS 6.5 | AI score 6.2 | EPSS 0.00005
Exploits: 0 | References: 2

Veracode
added 2026/03/28 5:28 a.m. | 3 views

Remote Code Execution (RCE)

ruby-lsp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized interpolation of the rubyLsp.branch setting into a generated Gemfile, which allows an attacker to inject malicious code that executes when a user opens a crafted project...

CVSS 9.8 | AI score 6.1 | EPSS 0.00046
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/03/26 2:58 p.m. | 2 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

CVSS 8.5 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 1

EUVD
added 2026/03/17 9:31 p.m. | 1 view

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

CVSS 8.5 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 3

CVE
added 2026/03/17 7:11 p.m. | 3 views

CVE-2026-4295

CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...

CVSS 8.5 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 2

Cvelist
added 2026/03/17 7:11 p.m. | 20 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

CVSS 8.5 | EPSS 0.00029
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/17 7:11 p.m. | 1 view

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

CVSS 8.5 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/17 7:11 p.m. | 1 view

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

CVSS 8.5 | AI score 6.2 | EPSS 0.00029
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/02/03 6:30 p.m. | 1 view

Command Injection

Overview: fuxa-server is a Web-based Process Visualization (SCADA/HMI/Dashboard) software. Affected versions of this package are vulnerable to Command Injection via the project files import process. An attacker can execute arbitrary system commands by uploading a crafted project file containing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:39 p.m. | 1 view

CVE-2023-43624

CX-Designer Ver.3.740 and earlier included in CX-One CXONE-ALD-V4 contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed m...

CVSS 5.5 | AI score 6.6 | EPSS 0.00036
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:21 a.m. | 3 views

CVE-2021-22655

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite versions prior to 4.0.10.0...

CVSS 7.8 | AI score 7.9 | EPSS 0.00302
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:20 a.m. | 10 views

CVE-2021-22791

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

CVSS 6.5 | AI score 6.8 | EPSS 0.00437
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/18 12:35 a.m. | 6 views

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | AI score 7.7 | EPSS 0.00015
Exploits: 0 | References: 1

NVD
added 2025/12/17 1:15 a.m. | 1 view

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | EPSS 0.00015
Exploits: 0 | References: 3

Cvelist
added 2025/12/17 12:19 a.m. | 23 views

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2025/12/17 12:19 a.m. | 9 views

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is affected. The vulnerability is an out-of-bounds write during parsing of specially crafted project files (notably in V7 file parsing), which can lead to arbitrary code execution. Exploitation requires user interaction (per ZDI advisories) and is described as remo...

CVSS 8.4 | AI score 7.4 | EPSS 0.00015
Exploits: 0 | References: 3

EUVD
added 2025/12/17 12:19 a.m. | 2 views

EUVD-2025-203858

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | AI score 7.2 | EPSS 0.00015
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/17 12:19 a.m. | 2 views

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4 | AI score 7.4 | EPSS 0.00015
Exploits: 0 | References: 3

CNNVD
added 2025/12/17 12:0 a.m. | 1 view

Fuji Electric Monitouch V-SFT-6 Buffer Error Vulnerability

Fuji Electric Monitouch V-SFT-6 is a screen configuration software from Fuji Electric, Japan. A buffer error vulnerability exists in Fuji Electric Monitouch V-SFT-6, which originates from an out-of-bounds write when processing a specially crafted project file, and could lead to the execution of...

CVSS 8.4 | AI score 7 | EPSS 0.00015
Exploits: 0 | References: 4