CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

301 matches found

Positive Technologies•added 2025/04/02 12:0 a.m.•1 views

PT-2025-14551 · Arduino · Arduino Ide

Name of the Vulnerable Software and Affected Versions: Arduino IDE versions prior to 2.3.5 Description: A Self Cross-Site Scripting XSS vulnerability has been identified in the Arduino IDE. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the Preferences ...

4.6CVSS5.5AI score0.00192EPSS

Exploits0References9

CNVD•added 2024/10/17 12:0 a.m.•12 views

Microsoft Visual Studio Code extension for Arduino remote code execution vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in the Microsoft Visual Studio Code extension for Arduino, which can be exploited by an attacker to execute arbitrary code on a system...

9.8CVSS8.1AI score0.02519EPSS

Exploits0References1

Talos Blog•added 2024/10/08 7:4 p.m.•43 views

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company's range of hardware and software offerings. October's monthly security update from Microsoft includes fixes for 117 CVEs, the most in...

9.8CVSS10AI score0.83112EPSS

Exploits5

OSV•added 2024/10/08 6:15 p.m.•0 views

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8CVSS6.3AI score0.02519EPSS

Exploits0References1

NVD•added 2024/10/08 6:15 p.m.•23 views

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8CVSS0.02519EPSS

Exploits0References1

Cvelist•added 2024/10/08 5:36 p.m.•28 views

CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

...

8.8CVSS0.02519EPSS

Exploits0References1

Vulnrichment•added 2024/10/08 5:36 p.m.•26 views

CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

...

8.8CVSS7.2AI score0.02519EPSS

Exploits0References1

CVE•added 2024/10/08 5:36 p.m.•93 views

CVE-2024-43488

CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...

9.8CVSS9.8AI score0.02519EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2024/10/08 7:0 a.m.•25 views

Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8CVSS8.8AI score0.02519EPSS

Exploits0

Positive Technologies•added 2024/10/08 12:0 a.m.•3 views

PT-2024-6977 · Microsoft · Visual Studio Code Extension For Arduino

Name of the Vulnerable Software and Affected Versions: Visual Studio Code extension for Arduino affected versions not specified Description: The issue is related to missing authentication for a critical function in the Visual Studio Code extension for Arduino, allowing an unauthenticated attacker...

9.8CVSS8.4AI score0.02519EPSS

Exploits0References9

CNNVD•added 2024/10/08 12:0 a.m.•2 views

Microsoft Visual Studio Code 访问控制错误漏洞

9.8CVSS8.5AI score0.02519EPSS

Exploits0References2

Kaspersky•added 2024/10/08 12:0 a.m.•61 views

KLA73906 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual C++...

9.8CVSS9.2AI score0.02519EPSS

Exploits0References34

NVD•added 2024/09/17 7:15 p.m.•27 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS0.00319EPSS

Exploits0References5

CVE•added 2024/09/17 6:8 p.m.•50 views

CVE-2024-45798

The CVE-2024-45798 entry concerns the arduino-esp32 Arduino core for ESP32/variants. The connected documents describe multiple Poisoned Pipeline Execution (PPE) vulnerabilities in the CI workflow, specifically code injection in tests_results.yml (GHSL-2024-169) and environment variable injection ...

9.9CVSS9.9AI score0.00319EPSS

Exploits0References5

OSV•added 2024/09/17 6:8 p.m.•1 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

9.9CVSS8.2AI score0.00319EPSS

Exploits0References7

Cvelist•added 2024/09/17 6:8 p.m.•15 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

9.9CVSS0.00319EPSS

Exploits0References5

Vulnrichment•added 2024/09/17 6:8 p.m.•20 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

9.9CVSS7.6AI score0.00319EPSS

Exploits0References5

Positive Technologies•added 2024/09/17 12:0 a.m.•1 views

PT-2024-31779 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...

9.9CVSS8AI score0.00319EPSS

Exploits0References11

CNNVD•added 2024/09/17 12:0 a.m.•2 views

arduino-esp32 操作系统命令注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An operating system command injection vulnerability exists in arduino-esp32 version 26db8cba32e77050f177e8cb0f879614c57bc5f2, which stems from code injection and environment...

9.9CVSS7.6AI score0.00319EPSS

Exploits0References6

OSV•added 2024/01/29 4:15 a.m.•8 views

MAL-2024-927 Malicious code in arduino-ide-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcf7ca9bf0f189fb107121b5376feaf1535112a7c3e0c2d426fb74d95e3bf8f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by