Lucene search
K

13 matches found

OSV
OSV
added 2026/05/05 8:52 p.m.3 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS6AI score0.00281EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.9 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.0027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.6 views

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 11:16 p.m.9 views

CVE-2025-68432

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.0027EPSS
Exploits1References2
NVD
NVD
added 2025/12/17 11:16 p.m.15 views

CVE-2025-68433

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS0.00252EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/17 10:47 p.m.10 views

EUVD-2025-204009

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.3AI score0.00252EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/17 10:47 p.m.4 views

CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

7.7CVSS7.4AI score0.00252EPSS
Exploits1References2
CVE
CVE
added 2025/12/17 10:47 p.m.20 views

CVE-2025-68433

CVE-2025-68433 affects Zed IDE prior to 0.218.2-pre. The vulnerability arises from loading MCP configurations from a project/.zed/settings.json without explicit user confirmation, allowing a malicious MCP to execute arbitrary shell commands on the host with the IDE user’s privileges when a projec...

7.7CVSS7.4AI score0.00252EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/12/17 10:45 p.m.6 views

EUVD-2025-204010

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.3AI score0.0027EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/17 10:45 p.m.27 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS0.0027EPSS
Exploits1References2
OSV
OSV
added 2025/12/17 10:45 p.m.10 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.0027EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.13 views

PT-2025-51976

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...

7.7CVSS7.7AI score0.00252EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51975

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution. The IDE loads Language Server Protocol LSP configurations from the settings.json file within a project’s .zed subdirectory. A malicious LSP...

7.7CVSS8AI score0.0027EPSS
Exploits1References6
Rows per page
Query Builder