CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1291 matches found

Positive Technologies•added 2025/11/20 12:0 a.m.•5 views

PT-2025-47646

Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio Code affected versions not specified Description An issue with access control exists in GitHub Copilot and Visual Studio Code. This allows an authorized attacker to bypass a security feature over a network...

9CVSS6.5AI score0.00084EPSS

Exploits0References12

Kaspersky•added 2025/11/20 12:0 a.m.•4 views

KLA90452 SB vulnerability in Microsoft Developer Tools

A security feature bypass vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2025-64660 Related products Visual-Studio-Code CVE list CVE-2025-64660 critical Solution Install necessary update...

8CVSS6.7AI score0.00084EPSS

Exploits0References3

CNNVD•added 2025/11/20 12:0 a.m.•2 views

Microsoft Visual Studio Code 访问控制错误漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Visual Studio Code that stems from improper access control and could lead to bypassing security features...

8CVSS6.9AI score0.00084EPSS

Exploits0References2

OSSF Malicious Packages•added 2025/11/19 5:55 a.m.•3 views

Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

7AI score

Exploits0References1

OSV•added 2025/11/19 5:55 a.m.•3 views

MAL-2025-191167 Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

6.9AI score

Exploits0References1

OSV•added 2025/11/19 5:55 a.m.•2 views

MAL-2025-191160 Malicious code in ellacrity.recoil (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c10eec28bf8da96caa61583697ae4e44102b7a4f1b84e361e0f609be824a79c6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

6.9AI score

Exploits0References1

OSV•added 2025/11/19 5:55 a.m.•2 views

MAL-2025-191165 Malicious code in kleinesfilmroellchen.serenity-dsl-syntaxhighlight (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 4cd24ae9caaea029653d9b9516f034a9ff19684891421dd3558c584f02076c8f This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

6.9AI score

Exploits0References1

OSV•added 2025/11/19 5:55 a.m.•4 views

MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

6.9AI score

Exploits0References1

OSV•added 2025/11/19 5:55 a.m.•2 views

MAL-2025-191159 Malicious code in codejoy.codejoy-vscode-extension (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6039e624de3c28cc21aa1c268dc71e67352c90ec642f4efc51fc47de34f9d47b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

6.9AI score

Exploits0References1

Tenable Nessus•added 2025/11/14 12:0 a.m.•9 views

Security Update for Microsoft Visual Studio Code (November 2025)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.105.1. It is, therefore, affected by security feature bypass vulnerability. Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a...

5CVSS6.2AI score0.00039EPSS

Exploits0References3

RedhatCVE•added 2025/11/12 6:1 p.m.•2 views

CVE-2025-62453

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...

5CVSS5.4AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 6:1 p.m.•3 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 6:1 p.m.•5 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS5.4AI score0.0004EPSS

Exploits0References1

OSV•added 2025/11/11 6:15 p.m.•3 views

CVE-2025-62453

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...

5CVSS6.8AI score0.00039EPSS

Exploits0References1

OSV•added 2025/11/11 6:15 p.m.•4 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS6AI score0.0004EPSS

Exploits0References1

NVD•added 2025/11/11 6:15 p.m.•4 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS0.0004EPSS

Exploits0References1

NVD•added 2025/11/11 6:15 p.m.•3 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS0.0013EPSS

Exploits0References1

OSV•added 2025/11/11 6:15 p.m.•2 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score0.0013EPSS

Exploits0References1

CVE•added 2025/11/11 5:59 p.m.•17 views

CVE-2025-62453

CVE-2025-62453 affects GitHub Copilot and Visual Studio Code due to improper validation of generative AI output, enabling an authorized local attacker to bypass a security feature. Multiple sources corroborate a security feature bypass vulnerability in Visual Studio Code and Copilot Chat, with im...

5CVSS5.4AI score0.00039EPSS

Exploits0References1Affected Software1

EUVD•added 2025/11/11 5:59 p.m.•4 views

EUVD-2025-93392

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...

5CVSS5.3AI score0.00039EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by