87 matches found
Unspecified Vulnerability in JetBrains IntelliJ IDEA
JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but also supporting Kotlin, Web, Spring and other languages and frameworks. A security vulnerability exists in...
CVE-2025-57729
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start...
CVE-2025-57729
CVE-2025-57729 affects JetBrains IntelliJ IDEA prior to 2025.2, where an automated LSP server startup can trigger an unexpected plugin startup. Multiple connected sources (CNVD, Red Hat, OSV, PT-Security, etc.) corroborate the issue and describe the root cause as the automatic LSP server initiali...
Improper Access Control
org.apache.zeppelin, zeppelin-server, interpreter is vulnerable to Improper Access Control. The vulnerability is due to the raft server protocol being accessible without authentication, which allows an attacker to view server resources including directories and files...
CVE-2025-30024
The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...
CVE-2024-41169
The CVE concerns Apache Zeppelin (versions 0.10.1–0.12.0) where an unauthenticated raft server protocol can expose server resources, including directories and files. Root cause details in connected data indicate the raft-enabled components allow unauthenticated access, enabling an attacker to vie...
CVE-2024-41169 Apache Zeppelin: raft directory listing and file read
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
PT-2025-29332 · Apache · Apache Zeppelin
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.10.1 through 0.12.0 Description: An attacker can utilize the raft server protocol without authentication, enabling access to server resources, including directories and files. Recommendations: Upgrade to version...
CVE-2025-30025
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation...
AXIS Device Manager Security Vulnerability
AXIS Device Manager is a device manager from Axis Sweden. AXIS Device Manager has a security vulnerability that originates from a flaw in the communication protocol between the client and the server, which could lead to a man-in-the-middle attack...
[SECURITY] Fedora 42 Update: qt6-qtlanguageserver-6.9.1-1.fc42
The Qt Language Server component provides an implementation of the Language Server protocol...
Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp
CVE-2025-32433 Erlang/OTP SSH RCE EXP Description A serio...
Fedora: Security Advisory for qt6-qtlanguageserver (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: qt6-qtlanguageserver-6.7.1-2.fc40
The Qt Language Server component provides an implementation of the Language Server protocol...
CVE-2024-22415 Unsecured endpoints in the jupyter-lsp server extension
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...
jupyterlab-lsp Security Vulnerabilities
jupyterlab-lsp is a tool that provides coding help for JupyterLab using the Language Server protocol. A security vulnerability exists in jupyterlab-lsp 2.2.1 and earlier versions, which stems from a lack of authentication of the jupyter-lsp server extension endpoint, allowing an attacker to acces...
GLSA-202401-21 : KTextEditor: Arbitrary Local Code Execution
The remote host is affected by the vulnerability described in GLSA-202401-21 (KTextEditor: Arbitrary Local Code Execution) - The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a...