41 matches found
Unsafe Dependency Resolution
Overview @theia/debug is a Theia - Debug Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a...
Unsafe Dependency Resolution
Overview @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...
Unsafe Dependency Resolution
Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...
Unsafe Dependency Resolution
Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...
EUVD-2026-17373
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
CVE-2025-65715
The CVE-2025-65715 entry affects the Visual Studio Code extension Code Runner (v0.12.2). The vulnerability lies in the code-runner.executorMap setting, which can be manipulated to cause arbitrary code execution when a crafted workspace is opened. Evidence from multiple sources confirms this vulne...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
PT-2026-8354
Name of the Vulnerable Software and Affected Versions Code Runner versions prior to 0.12.2 Description A flaw exists in the code-runner.executorMap setting of the Code Runner extension for Visual Studio Code. This allows for the execution of arbitrary code when a specially crafted workspace is...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
CVE-2021-28967
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...
CVE-2021-28792
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...
CVE-2021-29658
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...
CVE-2021-28956
The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Denial Of Service (DoS)
xen is vulnerable to denial of service. The unofficial MATLAB extension for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...