41 matches found
EUVD-2022-52556
Malicious code in bioql PyPI...
CVE-2025-61590
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...
CVE-2025-61590 Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...
PT-2025-40535
Name of the Vulnerable Software and Affected Versions Cursor versions 1.6 and below Description Cursor, a code editor for programming with AI, is susceptible to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to save specific settings for folders or...
Cursor 代码注入漏洞
Cursor is an AI code editor from the Cursor open source. A code injection vulnerability exists in Cursor 1.6 and earlier versions, which stems from an attacker being able to modify workspace settings via Visual Studio Code Workspaces, potentially leading to remote code execution...
CVE-2025-58372
Roo Code CVE-2025-58372 affects versions ≤3.25.23 where certain VS Code workspace files (.code-workspace) aren’t protected like the .vscode folder. If auto-approve for file writes is enabled and prompts are manipulated (e.g., via prompt injection), an attacker could write malicious workspace sett...
PT-2025-36340
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below Description: Roo Code, an AI-powered autonomous coding agent, is susceptible to a flaw where VS Code workspace configuration files .code-workspace lack the same protection as files within the .vscode folder...
CVE-2022-29815
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...
CVE-2020-1192
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171...
Improper access control
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space...
Samsung mobile 安全漏洞
Samsung mobile is a cell phone from Samsung South Korea. Samsung mobile PersonaManagerService is vulnerable to an authorization issue that stems from improper permission management in addAppPackageNameToAllowList, which can be exploited by local attackers to A local attacker can use the...
JetBrains IntelliJ IDEA Code Injection Vulnerability (CNVD-2022-55680)
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...
CVE-2022-29815
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...
CVE-2022-29815
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...
Code injection
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...
CVE-2022-29815
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...
Jetbrains JetBrains IntelliJ IDEA 代码注入漏洞
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...
Visual Studio Code Python Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
CVE-2019-16765
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...
CVE-2019-16765
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...