Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.11 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
CVE
CVE
added 2026/07/01 11:28 a.m.33 views

CVE-2026-13323

Vulnerability CVE-2026-13323 affects Open VSX Registry before 1.0.2. The /vscode/unpkg/ endpoint serves user-supplied HTML without CSP or Content-Disposition headers, enabling a publisher to upload a crafted VSIX and lure authenticated users to visit the URL. This inline rendering in the open-vsx...

8.7CVSS5.8AI score0.0019EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 11:28 a.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/23 12:16 p.m.18 views

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

5.4CVSS0.00226EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 10:50 a.m.23 views

CVE-2026-4983

CVE-2026-4983 affects the Open VSX Registry where SVG icons uploaded as extensions are not sanitized before storage and are served as image/svg+xml without security headers. This enables stored cross-site scripting (XSS) when users navigate to the icon URL. The impact differs by deployment: on lo...

5.4CVSS5.9AI score0.00226EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2026/03/14 12:55 p.m.9 views

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 6:26 a.m.10 views

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code VS Code extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19382

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00224EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/06/26 4:46 p.m.7 views

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry "open-vsx.org" that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.2 views

PT-2025-27026 · Undefined · Undefined

🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...

7.2AI score
Exploits0References1
Rows per page
Query Builder