18 matches found
CVE-2025-68433
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
EUVD-2025-204009
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
SUSE CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2022-24345
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...
Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection
Document Title: =============== Project Open v5.0.3 CMS - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2225 Release Date: ============= 2020-04-25 Vulnerability Laboratory ID VL-ID: ==================================== 22...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it ...
The vulnerability of Visual Studio Code’s source editor, related to a bug in file handling after opening a project, allows attackers to modify file access rights and execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to an error in variable handling after a project is opened. Exploiting this vulnerability could allow an attacker to modify file access rights and execute arbitrary code...
CVE-2012-1027
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open aka po 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open aka po 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
CVE-2012-1027
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open aka po 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
CVE-2012-1027
CVE-2012-1027 is a cross-site scripting (XSS) vulnerability in the account-closed.tcl script of ]project-open[ (aka ]po[). The issue is a reflected XSS via the message parameter to the URL path /register/account-closed, affecting ]project-open[ 3.4.x, 3.5.0.1-2 and possibly other versions. Impact...
Project Open Cross Site Scripting
Vulnerability Title: Project Open po - "account-closed.tcl" Reflective Cross Site Scripting Author: Michail Poultsakis Date of Vendor and CERT Contact: 2011.12.08 Publication Date: 2012.02.02 Product Link: http://www.project-open.com Affected Product Version: 3.4.x Project Open po version 3.4.x...
project-open 3.4.x - account-closed.tcl Cross-Site Scripting
project-open 3.4.x - account-closed.tcl Cross-Site Scripting source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...
project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...