
1291 matches found

CNNVD
added 2026/02/09 12:0 a.m., 2 views

Spelling Checker for Visual Studio Code security vulnerability

Spelling Checker for Visual Studio Code is a simple source code spell checker developed by Street Side Software. Versions of Spelling Checker for Visual Studio Code prior to v4.5.4 contained a security vulnerability. This vulnerability stemmed from improper handling of trust flags, which could...

7.8 CVSS, 6 AI score, 0.00021 EPSS
Exploits 0, References 4
OSV
added 2026/01/29 9:37 p.m., 2 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9 CVSS, 6.1 AI score, 0.00013 EPSS
Exploits 0, References 3
Cvelist
added 2026/01/29 9:37 p.m., 17 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9 CVSS, 0.00013 EPSS
Exploits 0, References 1
The Hacker News
added 2026/01/28 5:46 p.m., 11 views

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised...

6.2 AI score
Exploits 0
The Hacker News
added 2026/01/20 6:41 p.m., 11 views

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new...

7.2 AI score
Exploits 0
The Hacker News
added 2026/01/20 11:48 a.m., 11 views

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...

6.3 AI score
Exploits 0
RedhatCVE
added 2026/01/15 7:23 a.m., 3 views

CVE-2026-22718

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 7.2 AI score, 0.00051 EPSS
Exploits 0, References 1
CVE
added 2026/01/14 5:10 a.m., 10 views

CVE-2026-22718

The CVE-2026-22718 entry concerns the VSCode extension for Spring CLI, attributed to VMware, with a vulnerability allowing command injection and subsequent command execution on the user’s machine. Connected advisories consistently describe this as a vulnerability in the Spring CLI VSCode extensio...

6.8 CVSS, 6.8 AI score, 0.00051 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2793

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 7.2 AI score, 0.00051 EPSS
Exploits 0, References 2
CNNVD
added 2026/01/14 12:0 a.m., 2 views

VMware Spring CLI VSCode Extension security vulnerability

VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...

6.8 CVSS, 7.6 AI score, 0.00051 EPSS
Exploits 0, References 1
GithubExploit
added 2026/01/11 1:49 p.m., 147 views

Exploit for CVE-2025-68120

Vulnerability Write-up: Command Injection in VS Code Go Extens...

5.4 CVSS, 8.3 AI score, 0.00024 EPSS
Exploits 1
RedhatCVE
added 2026/01/09 11:25 a.m., 3 views

CVE-2021-28967

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...

9.8 CVSS, 7.9 AI score, 0.01232 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:25 a.m., 3 views

CVE-2021-28792

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...

7.8 CVSS, 8.1 AI score, 0.0143 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:23 a.m., 7 views

CVE-2021-31414

The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration...

9.8 CVSS, 8 AI score, 0.02481 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/07 9:10 a.m., 8 views

CVE-2019-16765

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...

7.8 CVSS, 7 AI score, 0.00841 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/12/31 12:2 a.m., 2 views

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

5.4 CVSS, 7.3 AI score, 0.00024 EPSS
Exploits 1, References 1
EUVD
added 2025/12/30 12:32 a.m., 2 views

EUVD-2025-205668

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

6.8 AI score, 0.00024 EPSS
Exploits 1, References 3
OSV
added 2025/12/30 12:32 a.m., 1 views

GHSA-FJMR-7667-8V4P Visual Studio Code Go extension has unexpected untrusted code execution

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

5.4 CVSS, 7.2 AI score, 0.00024 EPSS
Exploits 1, References 4
Github Security Blog
added 2025/12/30 12:32 a.m., 5 views

Visual Studio Code Go extension has unexpected untrusted code execution

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

5.4 CVSS, 7.4 AI score, 0.00024 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2025/12/30 12:15 a.m., 2 views

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

5.4 CVSS, 7.2 AI score, 0.00024 EPSS
Exploits 1, References 3