122 matches found
GHSA-H67P-54HQ-RP68 vulnerabilities
Vulnerabilities for packages: code-server, unleash...
GHSA-96HV-2XVQ-FX4P vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-53550 vulnerabilities
Vulnerabilities for packages: code-server, unleash...
CVE-2026-48779 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-H67P-54HQ-RP68 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-53550 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-96HV-2XVQ-FX4P vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-48779 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-W7JW-789Q-3M8P vulnerabilities
Vulnerabilities for packages: tileserver-gl, code-server...
CVE-2026-9277 vulnerabilities
Vulnerabilities for packages: tileserver-gl, code-server...
VS Code Extension Persistence
This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....
VS Code Extension Persistence
This Metasploit module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested...
GHSA-58QX-3VCG-4XPX vulnerabilities
Vulnerabilities for packages: argo-workflows, opensearch-dashboards, vitess, kubeflow-pipelines, langfuse, code-server...
CVE-2026-45736 vulnerabilities
Vulnerabilities for packages: argo-workflows, opensearch-dashboards, vitess, kubeflow-pipelines, langfuse, code-server...
CVE-2026-44240 vulnerabilities
Vulnerabilities for packages: code-server...
GHSA-RPMF-866Q-6P89 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...