KLA87522 ACE vulnerability in Microsoft Developer Tools
A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code and bypass security restrictions. Original advisories: CVE-2025-55319. Related products: Visual-Studio-Code. CVE list: CVE-2025-55319 (critical). KB list...
MAL-2025-46549 Malicious code in vscode-js-profile-flame (npm)
The package vscode-js-profile-flame was found to contain malicious code...
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor...
CVE-2025-58062
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named...
Safeguarding VS Code against prompt injections
The Copilot Chat extension for VS Code has been evolving rapidly over the past few months, adding a wide range of new features. Its new agent mode lets you use multiple large language models (LLMs), built-in tools, and MCP servers to write code, make commit requests, and integrate with external...
MAL-2025-38656 Malicious code in vscode.markdown-it-renderer (npm)
The package vscode.markdown-it-renderer was found to contain malicious code. Source: google-open-source-security (2822922f8dca5f68d170c921999dd1e45b4dd8b470e088d9aadbe5806cc2069b). This package installs a dependency hosted on a custom domain...
MAL-2025-38651 Malicious code in vscode-extend (npm)
The package vscode-extend was found to contain malicious code...
MAL-2025-15225 Malicious code in aws-core-vscode (npm)
The package aws-core-vscode was found to contain malicious code...
MAL-2025-38653 Malicious code in vscode-mssql (npm)
The package vscode-mssql was found to contain malicious code...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...
CVE-2025-8217
CVE-2025-8217 documents describe a vulnerability in the Amazon Q Developer VS Code extension. The v1.84.0 extension contains inert, injected code intended to call the Q Developer CLI, which executes when the extension is launched in VS Code, but the injected code has a syntax error that prevents ...
PT-2025-31362
Name of the Vulnerable Software and Affected Versions: Amazon Q Developer Visual Studio Code (VS Code) extension version 1.84.0. Description: The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extensi...
Amazon Q Developer Visual Studio Code extension security vulnerability
Amazon Q Developer Visual Studio Code extension is a VS Code extension from Amazon.com, USA. A security vulnerability exists in Amazon Q Developer Visual Studio Code extension version v1.84.0, which stems from a syntax error in the injected code that causes API calls to fail...
The vulnerability of the Microsoft Visual Studio Code Python Extension, related to breach of confidentiality boundaries, allows the attacker to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio Code Python Extension is related to a breach of trust boundaries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2025-49714
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...