Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...

UBUNTU-CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing...

CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion

A directory traversal vulnerability in jphone.php in the JPhone comjphone component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-3426 info: name: Joomla! Component Jphone 1.0...

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

CVE-2026-50519

The CVE-2026-50519 entry concerns GitHub Copilot and Visual Studio Code, where initialization of a resource with an insecure default may allow an unauthenticated attacker to disclose information over a network. The connected MSRC/NVD records confirm the impact as information disclosure with netwo...

EUVD-2026-38089

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...

CVE-2026-46871

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...

CVE-2026-46850

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell. While the vulnerability is in...

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

PT-2026-49958

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...

PT-2026-49978

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...