Lucene search
+L

13 matches found

Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS0.00353EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score0.00353EPSS
Exploits0References8
OSV
OSV
added 3 days ago4 views

CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score0.00353EPSS
Exploits0References10
CVE
CVE
added 4 days ago9 views

CVE-2026-26396

OpenBMB XAgent v1.0.0 and earlier are affected by a path traversal in the file() function within XAgent/XAgentServer/application/routers/workspace.py. The input parameter filename is user-controllable and concatenated into the file path without proper validation, enabling potential disclosure of ...

7.5CVSS6AI score0.00746EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/06 3:10 p.m.6 views

CVE-2026-55180

A flaw was found in pnpm and pacquet. A malicious repository could exploit this vulnerability by crafting specific .npmrc or pnpm-workspace.yaml files. When these package managers process these files, they improperly expand environment variable placeholders, leading to the disclosure of sensitive...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References4
NVD
NVD
added 2025/10/03 5:15 p.m.11 views

CVE-2025-61590

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...

7.5CVSS0.00485EPSS
Exploits0References1
OSV
OSV
added 2025/10/03 4:27 p.m.6 views

CVE-2025-61590 Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...

7.5CVSS7.7AI score0.00485EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/05 10:51 p.m.7 views

CVE-2025-58372 Roo Code: Potential Remote Code Execution via .code-workspace

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files .code-workspace are not protected in the same way as the .vscode folder. If the agent was configured to auto-appro...

8.1CVSS7.4AI score0.00495EPSS
Exploits0References3
OSV
OSV
added 2021/06/11 4:15 p.m.6 views

CVE-2021-22752

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...

7.8CVSS6.3AI score0.01172EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/11 3:40 p.m.26 views

CVE-2021-22752

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...

8.2AI score0.01172EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.8 views

IGSS Definition 路径遍历漏洞

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A remote code execution vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

7.8CVSS6.6AI score0.01395EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/02/17 7:6 p.m.2 views

jenkins: Arbitrary file read vulnerability in workspace browsers

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...

6.5CVSS5.9AI score0.02226EPSS
Exploits0References4
CNVD
CNVD
added 2019/08/02 12:0 a.m.4 views

CloudBees Jenkins Google Kubernetes Engine Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Google Kubernetes Engine Plugin is used in whi...

4.3CVSS6.1AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder