11 matches found
CVE-2026-60089
PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...
CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml
PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...
CVE-2026-49145
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
EUVD-2026-42274
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...
EUVD-2025-32311
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
CVE-2025-55012
Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...
CVE-2025-55012 Zed AI Agent Remote Code Execution
Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...
CVE-2025-1568
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelin...
Malicious code in u-workflow.module.common.project-config (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-3251 Malicious code in u-workflow.module.common.project-config (npm)
--- -= Per source details. Do not edit below this line.=-...