PT-2026-34081
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK versions 17.0.18, 21.0.10; Oracle GraalVM Enterprise Edition version 21.3.17. Description: An issue in the JGSS component allows an...
CVE-2025-68120
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
theshit vulnerable to unsafe loading of user-owned Python rules when running as root
The application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...
EUVD-2025-205668
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
GHSA-FJMR-7667-8V4P Visual Studio Code Go extension has unexpected untrusted code execution
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
Visual Studio Code Go extension has unexpected untrusted code execution
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go that stems from the possibility of triggering untrusted code execution in restricted mode...
CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
CVE-2025-68120
CVE-2025-68120 is a remote code execution vulnerability in the Visual Studio Code Go extension that bypasses Restricted Mode. The root cause is an incomplete blacklist of trusted/untrusted configurations, allowing untrusted workspace settings (e.g., go.buildFlags) to reach the extension (via extens...
GO-2025-4249 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
PT-2025-53815
Name of the Vulnerable Software and Affected Versions: Visual Studio Code Go extension, affected versions not specified. Description: The Visual Studio Code Go extension was disabled in Restricted Mode to prevent unexpected untrusted code execution. Recommendations: At the moment, there is no...
Unity Linux 20.1070e Security Update: emacs (UTSA-2025-991092)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991092 advisory. In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger...
Code Injection
@anthropic-ai/claude-code is vulnerable to code injection. The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...
openjdk: Enhance Path Factories (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...
HSEC-2025-0006 Private key leak via inherited file descriptor
The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...