206 matches found

RedhatCVE
added 2 days ago, 5 views

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVSS 7.8 | AI score 6.2 | EPSS 0.00025
Exploits: 0 | References: 1
NVD
added 2026/05/29 2:16 p.m., 11 views

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVSS 7.8 | EPSS 0.00025
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/29 12:54 p.m., 6 views

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVSS 7.8 | AI score 6.4 | EPSS 0.00025
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/05/29 12:54 p.m., 7 views

EUVD-2026-33302

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVSS 7.8 | AI score 6.4 | EPSS 0.00025
Exploits: 0 | References: 1
Cvelist
added 2026/05/29 12:54 p.m., 30 views

CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVSS 7.8 | EPSS 0.00025
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/29 10:41 a.m., 7 views

CVE-2026-9811

A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/16 12:00 a.m., 4 views

openSUSE 16 Security Update : kdenlive (openSUSE-SU-2026:20723-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20723-1 advisory. Changes in kdenlive: - CVE-2026-45184: Fixed a remote code execution through opening a malicious project file boo1264711. Tenable has extracted the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00005
Exploits: 0 | References: 3
OSV
added 2026/05/13 5:55 p.m., 0 views

OPENSUSE-SU-2026:20723-1 Security update for kdenlive

This update for kdenlive fixes the following issues: Changes in kdenlive: - CVE-2026-45184: Fixed a remote code execution through opening a malicious project file boo1264711...

CVSS 6.5 | AI score 6.4 | EPSS 0.00005
Exploits: 0 | References: 2
EUVD
added 2026/04/17 3:31 p.m., 1 view

EUVD-2026-23430

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS 5.8 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/17 2:29 p.m., 0 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS 5.8 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/17 2:29 p.m., 0 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS 5.8 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 2
Cvelist
added 2026/04/17 2:29 p.m., 23 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS 5.8 | EPSS 0.00001
Exploits: 0 | References: 1
CVE
added 2026/04/17 2:29 p.m., 4 views

CVE-2026-41153

CVE-2026-41153 affects JetBrains Junie prior to 252.549.29. Affected component is the project file handling, enabling command execution via a malicious project file. Public sources (PT-2026-33457) recommend updating to version 252.549.29 or later as a remediation. CVSS data in the initial record ...

CVSS 9.8 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/04/17 12:00 a.m., 2 views

PT-2026-33457

Name of the Vulnerable Software and Affected Versions JetBrains Junie versions prior to 252.549.29 Description Command execution is possible through the use of a malicious project file. Recommendations Update to version 252.549.29 or later...

CVSS 5.8 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 4
CNNVD
added 2026/04/17 12:00 a.m., 4 views

JetBrains Junie Security Vulnerability

JetBrains Junie is a coding proxy provided by the Czech company JetBrains. Versions of JetBrains Junie prior to 252.549.29 contained security vulnerabilities, which were due to the possibility of executing commands through malicious project files...

CVSS 9.8 | AI score 5.8 | EPSS 0.00001
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/02 7:56 p.m., 1 view

CVE-2023-7343 Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

CVSS 8.5 | AI score 6.4 | EPSS 0.00001
Exploits: 0 | References: 2
Zero Day Initiative
added 2026/04/02 12:00 a.m., 7 views

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must open a malicious project. The specific flaw exists within the handling of mcp.json files. T...

CVSS 7.8 | AI score 6.3 | EPSS 0.0007
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:01 p.m., 1 view

CVE-2026-1286

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file...

CVSS 7 | AI score 6.5 | EPSS 0.00601
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 2:59 p.m., 3 views

CVE-2026-2273

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

CVSS 7.2 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 1
EUVD
added 2026/03/13 8:57 p.m., 1 view

EUVD-2026-12047

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script...

CVSS 8.7 | AI score 5.8 | EPSS 0.00265
Exploits: 1 | References: 5