4955 matches found
CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...
CVE-2026-50178
The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...
CVE-2026-50519
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability
...
EUVD-2026-38089
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-50519
The CVE-2026-50519 entry concerns GitHub Copilot and Visual Studio Code, where initialization of a resource with an insecure default may allow an unauthenticated attacker to disclose information over a network. The connected MSRC/NVD records confirm the impact as information disclosure with netwo...
CVE-2026-46871
Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...
CVE-2026-46850
Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell. While the vulnerability is in...
Security Update for Microsoft Visual Studio Code (June 2026)
The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...
PT-2026-49979
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description A flaw in the Shell for VS Code component of Oracle MySQL allows a low-privileged attacker with network access via multiple protocols to compromise the system. Successful...
PT-2026-49978
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...
Security Updates for Microsoft Visual Studio Products (June 2026)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by a denial of service vulnerability: - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-45591 Note that Nessus has not tested f...
PT-2026-49958
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...
VS Code Extension Persistence
This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....
VS Code Extension Persistence
This Metasploit module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested...
CVE-2026-47284
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-47287
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...
CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-47292
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...