17 matches found
CVE-2025-68433
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
EUVD-2025-204009
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
SUSE CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
CVE-2022-24345
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...
Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection
Document Title: Project Open v5.0.3 CMS - Multiple Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2225. Release Date: 2020-04-25. Vulnerability Laboratory ID (VL-ID): 22...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it ...
CVE-2012-1027
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open (aka po) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open (aka po) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
CVE-2012-1027
Cross-site scripting (XSS) vulnerability in account-closed.tcl in project-open (aka po) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed...
CVE-2012-1027
CVE-2012-1027 is a cross-site scripting (XSS) vulnerability in the account-closed.tcl script of ]project-open[ (aka ]po[). The issue is a reflected XSS via the message parameter to the URL path /register/account-closed, affecting ]project-open[ 3.4.x, 3.5.0.1-2 and possibly other versions. Impact...
project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
project-open 3.4.x - account-closed.tcl Cross-Site Scripting
project-open 3.4.x - account-closed.tcl Cross-Site Scripting source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...
Project Open Cross Site Scripting
Vulnerability Title: Project Open po - "account-closed.tcl" Reflective Cross Site Scripting Author: Michail Poultsakis Date of Vendor and CERT Contact: 2011.12.08 Publication Date: 2012.02.02 Product Link: http://www.project-open.com Affected Product Version: 3.4.x Project Open po version 3.4.x...