Lucene search
K

8 matches found

OSV
OSV
added 2026/07/02 4:57 p.m.12 views

GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS0.00292EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 12:33 p.m.13 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:33 p.m.19 views

CVE-2026-12856

The CVE-2026-12856 entry concerns the vscode-java extension for Visual Studio Code. The vulnerability arises because the extension trusts all Markdown content in JavaDoc hovers, enabling a malicious Java file to include hidden commands. When a user clicks a specially crafted link in a JavaDoc hov...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:33 p.m.8 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:33 p.m.7 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 12:33 p.m.6 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53259

Name of the Vulnerable Software and Affected Versions vscode-java affected versions not specified Description The vscode-java extension, which provides Java language support for Visual Studio Code, incorrectly trusts all Markdown content in JavaDoc hovers. This allows a malicious Java file to...

8.8CVSS6.3AI score0.00292EPSS
Exploits0References8
Rows per page
Query Builder