37 matches found
EUVD-2026-17373
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
PT-2026-8354
Name of the Vulnerable Software and Affected Versions: Code Runner versions prior to 0.12.2. Description: A flaw exists in the code-runner.executorMap setting of the Code Runner extension for Visual Studio Code. This allows for the execution of arbitrary code when a specially crafted workspace is...
CVE-2025-65715
CVE-2025-65715 affects Visual Studio Code Extensions Code Runner v0.12.2, where the code-runner.executorMap setting is vulnerable to arbitrary code execution when a crafted workspace is opened. The description specifies a code execution risk but does not provide details on affected platforms, exa...
CVE-2021-28967
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...
CVE-2021-28792
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...
CVE-2021-29658
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...
CVE-2021-28956
The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Denial Of Service (DoS)
xen is vulnerable to denial of service. The unofficial MATLAB extension for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The CVE-2021-30502 entry concerns the unofficial vscode-ghc-simple (Simple Glasgow Haskell Compiler) extension for Visual Studio Code. Affected component: the extension’s workspace configuration handling via replCommand, which allows remote code execution. Impact: high/severe due to remote code e...
Lex Li vscode-restructuredtext access control error vulnerability
Lex Li vscode-restructuredtext is a Lex Li open source application. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...