Lucene search
+L

273 matches found

CVE
CVE
added 2025/12/17 10:45 p.m.19 views

CVE-2025-68432

Summary: CVE-2025-68432 affects Zed IDE and enables arbitrary code execution by loading LSP configurations from a project’s .zed/settings.json. A malicious LSP entry could execute shell commands with the user’s privileges when a project file with an LSP entry is opened. Affected versions: prior t...

7.7CVSS7.5AI score0.00275EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/17 10:45 p.m.11 views

CVE-2025-68432 Zed IDE LSP Binary Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol LSP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious LSP configuration can contain arbitrary shell...

7.7CVSS7.8AI score0.00275EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.13 views

PT-2025-51976

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.218.2-pre Description The Zed IDE is susceptible to arbitrary code execution through maliciously crafted Model Context Protocol MCP configurations. These configurations, found in the settings.json file within a project’...

7.7CVSS7.7AI score0.00262EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Zed 命令注入漏洞

Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious LSP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...

7.7CVSS8AI score0.00275EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

Zed 命令注入漏洞

Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious MCP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...

7.7CVSS8AI score0.00262EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.6 views

Zed Attack Proxy 2.17.0 Cross Platform Package

The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/06 3:24 p.m.13 views

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence AI-powered Integrated Development Environments IDEs that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been...

9.8CVSS8.7AI score0.06583EPSS
Exploits3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-16856

Malware in sbrugna...

5.3CVSS5.5AI score0.01103EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8327

Malware in sbrugna...

9.8CVSS9.5AI score0.03236EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47186

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00779EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-55232

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-47185

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00446EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1452

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00654EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24182

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/13 10:28 p.m.12 views

CVE-2025-55012

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS8.4AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 10:15 p.m.9 views

CVE-2025-55012

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 9:25 p.m.2 views

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS8.3AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 9:25 p.m.9 views

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 9:25 p.m.20 views

CVE-2025-55012

CVE-2025-55012 affects Zed, a multiplayer code editor. Before version 0.197.3, the Zed Agent Panel could allow an AI agent to bypass user permission checks and trigger Remote Code Execution by creating/modifying a project-specific configuration file, enabling arbitrary commands on a victim’s mach...

8.5CVSS8.3AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 9:25 p.m.4 views

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS7.8AI score0.00205EPSS
Exploits0References3
Rows per page
Query Builder