Lucene search
+L

41 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-52556

Malicious code in bioql PyPI...

6.2CVSS5.8AI score0.00085EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 5:15 p.m.11 views

CVE-2025-61590

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...

7.5CVSS0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 4:27 p.m.1 views

CVE-2025-61590 Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...

7.5CVSS7AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.9 views

PT-2025-40535

Name of the Vulnerable Software and Affected Versions Cursor versions 1.6 and below Description Cursor, a code editor for programming with AI, is susceptible to Remote Code Execution RCE attacks through Visual Studio Code Workspaces. Workspaces allow users to save specific settings for folders or...

7.5CVSS7.5AI score0.00485EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.5 views

Cursor 代码注入漏洞

Cursor is an AI code editor from the Cursor open source. A code injection vulnerability exists in Cursor 1.6 and earlier versions, which stems from an attacker being able to modify workspace settings via Visual Studio Code Workspaces, potentially leading to remote code execution...

7.5CVSS8.3AI score0.00485EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 10:51 p.m.26 views

CVE-2025-58372

Roo Code CVE-2025-58372 affects versions ≤3.25.23 where certain VS Code workspace files (.code-workspace) aren’t protected like the .vscode folder. If auto-approve for file writes is enabled and prompts are manipulated (e.g., via prompt injection), an attacker could write malicious workspace sett...

9.8CVSS7.4AI score0.00495EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.14 views

PT-2025-36340

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.25.23 and below Description: Roo Code, an AI-powered autonomous coding agent, is susceptible to a flaw where VS Code workspace configuration files .code-workspace lack the same protection as files within the .vscode folder...

8.1CVSS7.2AI score0.00495EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.10 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

6.9CVSS7.3AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:11 p.m.10 views

CVE-2020-1192

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171...

9.3CVSS7.8AI score0.14273EPSS
Exploits1References1
Prion
Prion
added 2022/06/07 7:15 p.m.19 views

Improper access control

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space...

2.1CVSS5.4AI score0.00085EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/07 12:0 a.m.6 views

Samsung mobile 安全漏洞

Samsung mobile is a cell phone from Samsung South Korea. Samsung mobile PersonaManagerService is vulnerable to an authorization issue that stems from improper permission management in addAppPackageNameToAllowList, which can be exploited by local attackers to A local attacker can use the...

6.2CVSS5.6AI score0.00085EPSS
Exploits0References3
CNVD
CNVD
added 2022/05/05 12:0 a.m.40 views

JetBrains IntelliJ IDEA Code Injection Vulnerability (CNVD-2022-55680)

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...

6.9CVSS6.8AI score0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/28 10:15 a.m.2 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

6.9CVSS7AI score0.00208EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/04/28 10:15 a.m.5 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

6.7CVSS7AI score0.00208EPSS
Exploits0References1
Prion
Prion
added 2022/04/28 10:15 a.m.16 views

Code injection

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

4.6CVSS6.8AI score0.00208EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/28 9:55 a.m.23 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible...

6.9CVSS7.2AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.4 views

Jetbrains JetBrains IntelliJ IDEA 代码注入漏洞

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...

6.9CVSS5.9AI score0.00208EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.43 views

Visual Studio Code Python Extension Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.9AI score0.11737EPSS
Exploits1
NVD
NVD
added 2019/11/25 6:15 p.m.31 views

CVE-2019-16765

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...

7.8CVSS7.5AI score0.04731EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/11/25 5:41 p.m.30 views

CVE-2019-16765

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...

7.4CVSS7.7AI score0.04731EPSS
Exploits0References3
Rows per page
Query Builder