850 matches found
CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
EUVD-2026-32937
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...
CVE-2026-44465
Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...
com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4), com.datasqrl:sqrl-planner (>=0.9.0 <=0.10.4) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (=2.2.0)
org.apache.flink:flink-table-planner2.12 MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-planner2.12 and may be impacted: - com.datasqrl:sqrl-discovery =0.9.0, =0.9.0, =0.9.0, =0.2.0, =0.2.0, =0.2.0,...
CVE-2026-42213
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...
Faraday 5.20.1
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
CVE-2026-42212
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...
CVE-2026-42213
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...
CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...
CVE-2026-42213
SolidCAM-GPPL-IDE (unofficial GPPL Postprocessor IDE) contains a vulnerability in the inc "filename" directive handling. GpplDocumentLinkHandler resolves the directive into clickable links and probes arbitrary paths (absolute, relative with .., UNC paths, etc.) using File.Exists to decide renderi...
CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...
CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...
CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...
CVE-2026-42212
CVE-2026-42212 – SolidCAM-GPPL-IDE (Postprocessor IDE) affects versions 1.0.0–1.0.1 of the unofficial SolidCAM extension. The VMID parser loads XML with XDocument.Load(...) without XmlReaderSettings, enabling DTD processing and leading to XXE and related risks. Impact per sources includes local f...
CVE-2026-42212
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...
Postprocessor IDE for SolidCAM 资源管理错误漏洞
Postprocessor IDE for SolidCAM is a GPPL language development support tool developed by Andrey Zorin. Versions of Postprocessor IDE for SolidCAM from 1.0.0 to 1.0.2 contained a resource management vulnerability. This vulnerability arose from the language server’s parsing of.vmid files in the same...
PT-2026-39201
Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description The GpplDocumentLinkHandler resolves the filename directive in GPPL postprocessor files into clickable links. The handler accepts arbitrary absolute, relative, UNC, and subfolder paths...
Malicious Package
Overview chai-as-ide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...
FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...