1291 matches found
CVE-2025-49714
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...
CVE-2025-49714
CVE-2025-49714 involves the Visual Studio Code Python Extension. The connected sources describe a trust boundary violation that can let an unauthorized attacker execute code locally, effectively a remote code execution scenario through the Python extension. The vulnerability is tied to Visual Stu...
CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability
Visual Studio Code Python Extension Remote Code Execution Vulnerability
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 ...
PT-2025-28605
Name of the Vulnerable Software and Affected Versions: Visual Studio Code - Python extension (affected versions not specified). Description: The issue is related to a trust boundary violation in the Visual Studio Code - Python extension, allowing an unauthorized attacker to execute code locally...
Security Update for Microsoft Visual Studio Code Python Extension (July 2025)
The Microsoft Visual Studio Code Python Extension is prior to version 2025.8.1. It is, therefore, affected by an undisclosed remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Security Update for Microsoft Visual Studio Code (April 2025)
The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.100.1. It is, therefore, affected by a vulnerability where files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Note th...
Microsoft Visual Studio Code Security Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code. An attacker exploiting the vulnerability can remotely execute code...
Roo Code Security Vulnerability
Roo Code is an AI-based autonomous coding agent from Roo Code. A security vulnerability exists in Roo Code versions prior to 3.22.6, which stems from an attacker being able to submit a prompt to write to a VS Code settings file and trigger code execution, potentially leading to remote code...
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx.org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
Claude Code Security Vulnerability
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...
Malicious code in vscode-azurecontainerapps (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware e5ad54ec265645c2e7358384082a1b1f2385a1caa652b65c359b13681a211b30. Any computer that has this package installed or running should be considered...
JavaSith: a Client-Side Framework for Analyzing Potentially Malicious Extensions in Browsers, VS Code, and NPM Packages
Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for analyzing potentially malicious extensions in web...
CVE-2024-1569
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...
CVE-2021-30503
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration...
CVE-2021-29261
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration...