Lucene search
K

8818 matches found

NVD
NVD
added yesterday4 views

CVE-2026-47305

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday21 views

CVE-2026-48760

Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...

5.3CVSS6.1AI score0.00025EPSS
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-47305

Technical details such as affected products, component versions, root cause, and mitigation are not publicly available in the provided documents. Monitor for updates from MSRC and NCSC advisories.

7.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57101

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57102

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50520

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code allows an unauthorized attacker to execute code locally...

8.4CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57102

CVE-2026-57102 affects Visual Studio Code. Likely risk: security feature bypass via inclusion of functionality from an untrusted control sphere, exploitable over a network with user interaction required. CVSS v3.1: 8.8 ( HIGH, NETWORK, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ). Connected sources note...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57101

Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability

...

8.4CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability

...

8.4CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday12 views

GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00861EPSS
Exploits0
Nuclei
Nuclei
added yesterday75 views

WordPress Visual Form Builder <3.0.8 - Information Disclosure

WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. id: CVE-2022-0140 info: name:...

5.3CVSS6.2AI score0.0384EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday13 views

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

8.8CVSS7AI score0.0189EPSS
Exploits1References3
NVD
NVD
added yesterday7 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS0.00181EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago104 views

Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection

Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...

10CVSS7.2AI score0.69882EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 5:16 a.m.13 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.35 views

CVE-2026-14158 Widget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' Parameter

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS0.00516EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 4:30 a.m.23 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
Rows per page
Query Builder