Lucene search
K

850 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 4:10 p.m.8 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 4:10 p.m.11 views

EUVD-2026-32937

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 4:10 p.m.22 views

CVE-2026-44465

Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...

8.6CVSS6.1AI score0.00297EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4), com.datasqrl:sqrl-planner (>=0.9.0 <=0.10.4) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (=2.2.0)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-planner2.12 and may be impacted: - com.datasqrl:sqrl-discovery =0.9.0, =0.9.0, =0.9.0, =0.2.0, =0.2.0, =0.2.0,...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.13 views

CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.9 views

Faraday 5.20.1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/08 10:16 p.m.12 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS0.00314EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 10:16 p.m.14 views

CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 9:38 p.m.32 views

CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS0.00454EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 9:38 p.m.15 views

CVE-2026-42213

SolidCAM-GPPL-IDE (unofficial GPPL Postprocessor IDE) contains a vulnerability in the inc "filename" directive handling. GpplDocumentLinkHandler resolves the directive into clickable links and probes arbitrary paths (absolute, relative with .., UNC paths, etc.) using File.Exists to decide renderi...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 9:38 p.m.9 views

CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 9:35 p.m.33 views

CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 9:35 p.m.10 views

CVE-2026-42212 SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 9:35 p.m.16 views

CVE-2026-42212

CVE-2026-42212 – SolidCAM-GPPL-IDE (Postprocessor IDE) affects versions 1.0.0–1.0.1 of the unofficial SolidCAM extension. The VMID parser loads XML with XDocument.Load(...) without XmlReaderSettings, enabling DTD processing and leading to XXE and related risks. Impact per sources includes local f...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:35 p.m.9 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Postprocessor IDE for SolidCAM 资源管理错误漏洞

Postprocessor IDE for SolidCAM is a GPPL language development support tool developed by Andrey Zorin. Versions of Postprocessor IDE for SolidCAM from 1.0.0 to 1.0.2 contained a resource management vulnerability. This vulnerability arose from the language server’s parsing of.vmid files in the same...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39201

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description The GpplDocumentLinkHandler resolves the filename directive in GPPL postprocessor files into clickable links. The handler accepts arbitrary absolute, relative, UNC, and subfolder paths...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/29 12:22 p.m.7 views

Malicious Package

Overview chai-as-ide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
HackRead
HackRead
added 2026/04/29 9:1 a.m.21 views

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...

9.9CVSS5.3AI score0.0049EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.3 views

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

8.1CVSS5.4AI score0.00407EPSS
Exploits0References13
Rows per page
Query Builder