161 matches found
CVE-2026-25931
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931
The vulnerability affects the vscode-spell-checker extension prior to version 4.5.4. It arises because DocumentSettings._determineIsTrusted uses the cSpell.trustedWorkspace setting as the authoritative trust flag, defaulting to true in package.json. This allows an untrusted workspace to cause the...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
PT-2026-7180
Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...
CVE-2021-47889
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Softros Systems\Softros Messenger\Spell Checker' to...
CVE-2021-47889
CVE-2021-47889 affects Softros LAN Messenger 9.6.4 with an unquoted service path in the SoftrosSpellChecker service. The vulnerable path is "C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker" and could allow a local attacker to inject a malicious executable to achieve privile...
CVE-2021-47889
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Softros Systems\Softros Messenger\Spell Checker' to...
CVE-2021-47889 Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Softros Systems\Softros Messenger\Spell Checker' to...
EUVD-2019-10542
Malware in sbrugna...
CVE-2019-1985
In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User...
Hunspell: Multiple Vulnerabilities
Background Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, Google Chrome. Description Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior. Impact Malicious input to the hunspell spell checker...
W3c Spell Checker Cross-Site Scripting Vulnerability
W3c Spell Checker is an online spell checker open source by the World Wide Web Consortium. A cross-site scripting vulnerability exists in W3c Spell Checker version 20140130 and prior versions, which originates from a vulnerability that could lead to cross-site scripting...
CVE-2022-41953
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
Moderate: aspell security update
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Security Fixes: aspell: Heap-buffer-overflow in acommon::ObjStack::duptop CVE-2019-25051 For more details about the security issues, including the impact, a...
RLSA-2022:1808 Moderate: aspell security update
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Security Fixes: aspell: Heap-buffer-overflow in acommon::ObjStack::duptop CVE-2019-25051 For more details about the security issues, including the impact, a...
[SECURITY] Fedora 34 Update: aspell-0.60.8-7.fc34
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Its main feature is that it does a much better job of coming up with possible suggestions than just about any other spell checker out there for the English...
USN-5023-1: Aspell vulnerability
It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash...