35 matches found
MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)
Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...
EUVD-2025-36570
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
EUVD-2015-9362
Malware in sbrugna...
CVE-2025-61680 Minecraft RCON Terminal: Plain Text Password Storage in Configuration
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API, which writes to settings.json in plaintext. This issue is fixed in version 2.1.0...
EUVD-2024-50278
Malicious code in bioql PyPI...
CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...
CVE-2015-9522
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...
CVE-2021-22195
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...
CVE-2020-13279
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...
PT-2024-39454 · Microsoft +1 · Visual Studio Code +2
Name of the Vulnerable Software and Affected Versions: Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3; Wiz legacy Visual Studio Code extension versions 0.13.0 through 0.17.8. Description: The issue allows for local command injection when a user opens a maliciously crafted...
Code Reviewer
Reviews code Module Options msf use exploit/multi/fileformat/visualstudiovsixexec msf exploitvisualstudiovsixexec show targets ...targets... msf exploitvisualstudiovsixexec set TARGET msf exploitvisualstudiovsixexec show options ...show and set options... msf exploitvisualstudiovsixexec exploit...
CVE-2017-20164
Symbiote Seed
Arbitrary Code Execution
Chromium is vulnerable to arbitrary code execution. The vulnerability exists through out-of-bounds memory access in developer tools that allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
SSHtrix - Fastest Multithreaded SSHv1 and SSH1v2 login cracker
sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentication screens. Unlike other public tools, the aim is to keep it...
CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering
More info at https://symfony.com/cve-2026-45072...