CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1291 matches found

The Hacker News•added 2025/11/07 6:48 a.m.•7 views

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code VS Code extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...

7AI score

Exploits0

NVD•added 2025/10/28 9:15 p.m.•2 views

CVE-2025-62794

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

3.8CVSS0.00015EPSS

Exploits0References3

Vulnrichment•added 2025/10/28 8:53 p.m.•3 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

3.8CVSS6.4AI score0.00015EPSS

Exploits0References3

HackRead•added 2025/10/23 10:22 a.m.•7 views

GlassWorm Malware Targets Developers Through OpenVSX Marketplace

GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control...

7.2AI score

Exploits0

OSV•added 2025/10/17 3:28 a.m.•1 views

MAL-2025-48475 Malicious code in @vscode-bicep-ui/components (npm)

The package @vscode-bicep-ui/components was found to contain malicious code...

7AI score

Exploits0

The Hacker News•added 2025/10/15 2:16 p.m.•8 views

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

New research has uncovered that publishers of over 100 Visual Studio Code VS Code extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VS Code Marketplace or Open VSX PAT personal access token allow...

7.4AI score

Exploits0