CVE-2026-49241

The CVE concerns the Angular Language Service VS Code Extension (pre-21.2.4). It reads custom tsdk paths from workspace settings without Workspace Trust checks, then dynamically loads tsserverlibrary.js from a user-specified folder during server initialization. An attacker could commit a reposito...

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

Malicious code in cline-ai-main.cline-ai-agent (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 04aeefbf39e1e9157280b91899a141e4f4c6619d434c594e4a2d3bf43883dbe6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

GitLab gitlab-vscode-extension 跨站脚本漏洞

GitLab gitlab-vscode-extension is a VSCode code editor extension for Gitlab from GitLab USA. A cross-site scripting vulnerability exists in GitLab gitlab-vscode-extension. An attacker can exploit this vulnerability to perform a cross-site scripting attack...