Lucene search

157 matches found

NVD
added 2 days ago | 5 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8 CVSS | 0.00073 EPSS
Exploits: 0 | References: 2

Fedora
added 2026/04/25 1:55 a.m. | 2 views

[SECURITY] Fedora 44 Update: qt-creator-19.0.0-0.3.fc44

Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...

5.3 AI score
Exploits: 0

NVD
added 2026/04/22 5:16 p.m. | 1 view

CVE-2026-5262

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input...

8 CVSS | 0.00073 EPSS
Exploits: 0 | References: 3

Wiz blog
added 2026/04/21 12:57 p.m. | 3 views

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

5.8 AI score
Exploits: 0

CVE
added 2026/03/31 12:0 a.m. | 2 views

CVE-2026-30309

CVE-2026-30309 affects InfCode’s terminal auto-execution module. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic semantic parsing, failing to recognize string concatenation, variable assignment, o...

7.8 CVSS | 6.5 AI score | 0.00038 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm News
added 2026/01/27 12:0 a.m. | 2 views

Faraday 5.19.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.9 AI score
Exploits: 0

EUVD
added 2025/12/18 3:15 p.m. | 3 views

EUVD-2025-204309

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...

4.8 CVSS | 6.2 AI score | 0.00013 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/12/18 12:0 a.m. | 2 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from a memory corruption when loading invalid firmware in the bootloader...

7.8 CVSS | 6.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

OSV
added 2025/11/19 4:40 p.m. | 6 views

CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

3.5 CVSS | 6.6 AI score | 0.00022 EPSS
Exploits: 1 | References: 4

CNNVD
added 2025/11/15 12:0 a.m. | 2 views

AVEVA Application Server Security Vulnerability

AVEVA Application Server is an industrial automation real-time control platform from AVEVA UK. A security vulnerability exists in AVEVA Application Server that stems from a cross-site script injection issue in the IDE component that could lead to elevation of privilege...

7.2 CVSS | 6.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/14 11:57 p.m. | 2 views

CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting

The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting XSS injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...

7.2 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

CVE
added 2025/11/14 11:57 p.m. | 8 views

CVE-2025-8386

CVE-2025-8386 relates to AVEVA Application Server IDE: an authenticated user with the privileges of “aaConfigTools” can tamper App Objects’ help files to inject persistent cross-site scripting (XSS). This is described as exploitable only during config-time operations in the IDE component; run-tim...

7.2 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-179300

Malicious code in development-warp-geoarchaeology-odin npm...

6.6 AI score
Exploits: 0

Fedora
added 2025/10/30 4:36 a.m. | 5 views

[SECURITY] Fedora 42 Update: qt-creator-16.0.2-3.fc42

Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...

9.4 CVSS | 6.9 AI score | 0.00022 EPSS
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-15449

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.0143 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-30518

Malware in sbrugna...

6.8 CVSS | 5.2 AI score | 0.0209 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-3068

Malware in sbrugna...

10 CVSS | 6.1 AI score | 0.00692 EPSS
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-38827

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.02568 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-0520

Malicious code in bioql PyPI...

7.8 CVSS | 7.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16359

Malicious code in bioql PyPI...

4.3 CVSS | 9 AI score | 0.00101 EPSS
Exploits: 0 | References: 4