Lucene search
+L

12 matches found

CVE
CVE
added 2026/07/01 11:28 a.m.38 views

CVE-2026-13323

Vulnerability CVE-2026-13323 affects Open VSX Registry before 1.0.2. The /vscode/unpkg/ endpoint serves user-supplied HTML without CSP or Content-Disposition headers, enabling a publisher to upload a crafted VSIX and lure authenticated users to visit the URL. This inline rendering in the open-vsx...

8.7CVSS5.8AI score0.0019EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 11:28 a.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/06/17 1:55 p.m.5 views

Creation of Temporary File in Directory with Insecure Permissions

Overview @mariozechner/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the process handling temporary extension package installs...

7.3CVSS6.3AI score0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.39 views

CVE-2021-47964 Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS0.0071EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/15 6:36 p.m.14 views

EUVD-2021-34817

Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...

8.8CVSS6.6AI score0.0071EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/06 7:0 p.m.4 views

EUVD-2025-38183

Malicious code in revenuecat-mcp-extension npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/23 7:35 p.m.7 views

Malicious code in http-message-signatures-extension (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-38651 Malicious code in vscode-extend (npm)

The package vscode-extend was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/28 12:44 p.m.4 views

Malicious code in dt-adoptionoverview-extension (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:15 p.m.6 views

Malicious code in @aznb/extension-gather (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13a2e820f4b76b96754e20b5f4690c511ba979707ff6d1f9dc14a6cbf1e658e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Prion
Prion
added 2015/12/16 9:59 p.m.20 views

Directory traversal

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive...

7.5CVSS7.5AI score0.02641EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/05/13 12:0 a.m.16 views

AIX 520010 : U815011

The remote host is missing AIX PTF U815011 which is related to the security of the package X11.samples.ext You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
Rows per page
Query Builder