Lucene search
K

151 matches found

NVD
NVD
added yesterday2 views

CVE-2026-50510

Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-50510

CVE-2026-50510 concerns the GitHub Copilot vulnerability affecting the JetBrains Copilot plugin prior to version 1.13.0. The issue is described as an improper restriction of names for files and other resources, enabling an attacker with local access to execute code on the affected system. The ass...

7.8CVSS6.2AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday12 views

GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00861EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/22 12:0 a.m.9 views

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 12:0 a.m.31 views

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:0 a.m.4 views

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

5.9AI score0.00853EPSS
Exploits1References4
NVD
NVD
added 2026/06/19 9:17 p.m.12 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 8:28 p.m.9 views

EUVD-2026-38089

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.115 views

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

9.6CVSS5.5AI score0.00763EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.12 views

CVE-2026-45482

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

8.4CVSS5.5AI score0.00345EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/09 6:23 p.m.23 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

9.6CVSS5.7AI score0.0243EPSS
Exploits0
OSV
OSV
added 2026/06/09 5:17 p.m.3 views

CVE-2026-45482

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

8.4CVSS7AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.18 views

CVE-2026-45482

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

8.4CVSS0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.10 views

EUVD-2026-35547

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

8.4CVSS5.4AI score0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.34 views

CVE-2026-45482

CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...

8.4CVSS7.1AI score0.00345EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.52 views

Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

8.4CVSS7.3AI score0.00345EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Microsoft Visual Studio Code 路径遍历漏洞

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a path traversal vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain feature...

8.4CVSS5.8AI score0.00345EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47964

Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...

8.4CVSS5.8AI score0.00345EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS6.2AI score0.0035EPSS
Exploits1References1
Rows per page
Query Builder