8818 matches found
CVE-2026-47305
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...
CVE-2026-48760
Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...
CVE-2026-47305
Technical details such as affected products, component versions, root cause, and mitigation are not publicly available in the provided documents. Monitor for updates from MSRC and NCSC advisories.
CVE-2026-57101
Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-57102
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-50520
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code allows an unauthorized attacker to execute code locally...
CVE-2026-57102
CVE-2026-57102 affects Visual Studio Code. Likely risk: security feature bypass via inclusion of functionality from an untrusted control sphere, exploitable over a network with user interaction required. CVSS v3.1: 8.8 ( HIGH, NETWORK, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ). Connected sources note...
CVE-2026-57101
Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...
CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2026-50520 Visual Studio Code Remote Code Execution Vulnerability
...
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
WordPress Visual Form Builder <3.0.8 - Information Disclosure
WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. id: CVE-2022-0140 info: name:...
Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...
CVE-2026-44767
setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection
Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-42071 info: name: Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection author: gy741 severity: critical description: Visual...
CVE-2026-59831
GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace
GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...
CVE-2026-14158
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-14158 Widget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' Parameter
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...
CVE-2026-14158
The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...