58 matches found
Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)
The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability. A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...
CVE-2025-68432
Summary: CVE-2025-68432 affects Zed IDE and enables arbitrary code execution by loading LSP configurations from a project’s .zed/settings.json. A malicious LSP entry could execute shell commands with the user’s privileges when a project file with an LSP entry is opened. Affected versions: prior t...
PT-2025-51976
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...
PT-2025-51975
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...
MicrosoftAmplifierPoC
Microsoft Amplifier RCE PoC Proof of concept demonstrating re...
EUVD-2023-12309
Malicious code in bioql PyPI...
EUVD-2024-42218
Malicious code in bioql PyPI...
EUVD-2024-46330
Malicious code in bioql PyPI...
EUVD-2021-28340
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4...
CVE-2023-3964
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...
CVE-2024-46881
Develocity formerly Gradle Enterprise before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 in affected vulnerable versions does not include...