Lucene search
K

4967 matches found

NVD
NVD
added 2026/06/05 9:16 p.m.12 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS0.00159EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:16 p.m.7 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/05 8:16 p.m.10 views

CVE-2026-11422 Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/05 8:16 p.m.39 views

CVE-2026-11422 Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.4AI score0.0185EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47053

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions 0.8.x Description A code injection issue exists in the WaveDrom rendering pipeline. Attackers can execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted...

8.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)

The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...

9.8CVSS5.6AI score0.0185EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/06/03 5:58 p.m.18 views

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code VS Code that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/03 3:7 p.m.737 views

1click-gh-token-stealing-via-vscode-POC

1-Click GitHub Token Stealing via VSCode Proof-of-Concept exp...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.8 views

PT-2026-48590

Уязвимость интерфейса Webview API редактора исходного кода Visual Studio Code связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить подмену данных и проводить межсайтовые сценарные атаки XSS...

10CVSS5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:40 a.m.16 views

Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:40 a.m.11 views

Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
NVD
NVD
added 2026/05/27 5:16 p.m.24 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS0.0185EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/27 3:50 p.m.129 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS0.0185EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:50 p.m.14 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS5.8AI score0.0185EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/27 3:50 p.m.14 views

EUVD-2026-32550

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References4
CVE
CVE
added 2026/05/27 3:50 p.m.71 views

CVE-2026-48027

Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...

9.8CVSS5.8AI score0.0185EPSS
In wildExploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 3:50 p.m.10 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS5.8AI score0.0185EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/05/27 11:48 a.m.27 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Nx Console 安全漏洞

Nx Console is an open-source repository management interface that supports visual workflows and AI enhancements. Version Nx Console 18.95.0 contains a security vulnerability. This vulnerability stems from the release of a malicious version on the Visual Studio Marketplace and OpenVSX, which could...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References5
Rows per page
Query Builder