15202 matches found
[SECURITY] Fedora 42 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc42
Full-featured terminal-based sequence editor for Git interactive rebase...
[SECURITY] Fedora 42 Update: helix-25.07.1-7.fc42
A Kakoune / Neovim inspired editor, written in Rust...
CVE-2024-50620
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...
PT-2026-7495
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...
PT-2026-7656
Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description The software contains flaws related to unrestricted file uploads with dangerous file types in the rich text editor and document management components. A user with authorization can upload...
CVE-2024-50620
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...
CIPPlanner CIPAce 安全漏洞
CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities stemmed from the rich text editor and document...
CVE-2024-50620
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...
CVE-2024-50620
CVE-2024-50620 affects CIPPlanner CIPAce prior to 9.17, where Unrestricted Upload of File with Dangerous Type exists in the rich text editor and document management components. An authorized user can upload executable files when inserting images or during document uploads; such executables can be...
WordPress plugin Flask Micro code-editor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress IDE Micro code-editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin IDE Micro code-editor versions = 1.0.0...
WordPress Category Image plugin <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability
Authenticated Editor+ Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Category Image versions = 2.0...
CVE-2026-25805
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...
CVE-2026-25805 Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...
CVE-2026-25805
Zed Editor (multiplayer code editor) before version 0.219.4 fails to reveal the parameters used when invoking a tool and does not show post-invocation parameters, creating a potential for unnoticed use of unwanted or malicious values. A fix is included in 0.219.4 which adds expandable tool call d...
CVE-2026-25805 Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...
CVE-2026-25805
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...
CVE-2026-25805 Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...