8 matches found
GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading
Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-12856
The CVE-2026-12856 entry concerns the vscode-java extension for Visual Studio Code. The vulnerability arises because the extension trusts all Markdown content in JavaDoc hovers, enabling a malicious Java file to include hidden commands. When a user clicks a specially crafted link in a JavaDoc hov...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
EUVD-2026-40084
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
PT-2026-53259
Name of the Vulnerable Software and Affected Versions vscode-java affected versions not specified Description The vscode-java extension, which provides Java language support for Visual Studio Code, incorrectly trusts all Markdown content in JavaDoc hovers. This allows a malicious Java file to...