Lucene search
K

9958 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.3 views

CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.30 views

CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:20 p.m.20 views

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

8.8CVSS5.9AI score0.00246EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51338

Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension configures the tooltip Markdown renderer with the isTrusted: true option, causing VS Code to trust all rendered content and enable active...

8.8CVSS5.9AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 9:17 p.m.10 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 8:28 p.m.24 views

CVE-2026-50519

The CVE-2026-50519 entry concerns GitHub Copilot and Visual Studio Code where a resource initialized with an insecure default can allow an unauthorized attacker to disclose information over a network. Public sources (NVD) describe the impact as confidentiality compromise with network-exposed disc...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/19 8:28 p.m.5 views

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:28 p.m.18 views

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

6.5CVSS0.00514EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 8:28 p.m.7 views

EUVD-2026-38089

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/19 11:47 a.m.7 views

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...

8.8CVSS6AI score0.04372EPSS
Exploits0
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46871

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.7 views

CVE-2026-46850

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell. While the vulnerability is in...

9.9CVSS0.00521EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.93 views

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

9.6CVSS5.5AI score0.00763EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49979

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description A flaw in the Shell for VS Code component of Oracle MySQL allows a low-privileged attacker with network access via multiple protocols to compromise the system. Successful...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49958

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...

9.9CVSS5.8AI score0.00521EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49978

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...

8.5CVSS5.8AI score0.00311EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.7 views

Security Updates for Microsoft Visual Studio Products (June 2026)

The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by a denial of service vulnerability: - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-45591 Note that Nessus has not tested f...

7.5CVSS5.2AI score0.0243EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.17 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 9:36 p.m.74 views

exploitGuard

Run and deploy your AI Studio app This contains everything yo...

5.3AI score
Exploits0
Metasploit
Metasploit
added 2026/06/11 7:0 p.m.206 views

VS Code Extension Persistence

This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....

6AI score
Exploits0
Rows per page
Query Builder