Lucene search
K

1382 matches found

EUVD
EUVD
added 2026/06/29 12:33 p.m.7 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00297EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/29 5:36 a.m.45 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

6.3AI score
Exploits0
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

UBUNTU-CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.8CVSS5.9AI score0.00246EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:20 p.m.3 views

CVE-2026-50178

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/22 3:20 p.m.30 views

CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:20 p.m.21 views

CVE-2026-50178

The CVE-2026-50178 entry describes a remote code execution risk in the Angular Language Service VS Code Extension. The issue stems from the client-side tooltip renderer using isTrusted: true, which allows potentially malicious content to be treated as trusted Markdown. The background Angular Lang...

8.8CVSS5.9AI score0.00246EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 5:46 a.m.4 views

BIT-MYSQL-SHELL-2026-46870

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the...

8.5CVSS5.8AI score0.00311EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:46 a.m.4 views

BIT-MYSQL-SHELL-2026-46850

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell. While the vulnerability is in...

9.9CVSS5.9AI score0.00521EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51338

Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension configures the tooltip Markdown renderer with the isTrusted: true option, causing VS Code to trust all rendered content and enable active...

8.8CVSS5.9AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 9:17 p.m.10 views

CVE-2026-50519

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00514EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 8:28 p.m.7 views

EUVD-2026-38089

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00514EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:28 p.m.18 views

CVE-2026-50519 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

6.5CVSS0.00514EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 8:28 p.m.24 views

CVE-2026-50519

The CVE-2026-50519 entry concerns GitHub Copilot and Visual Studio Code where a resource initialized with an insecure default can allow an unauthorized attacker to disclose information over a network. Public sources (NVD) describe the impact as confidentiality compromise with network-exposed disc...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46871

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.7 views

CVE-2026-46850

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell. While the vulnerability is in...

9.9CVSS0.00521EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.94 views

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

9.6CVSS5.5AI score0.00763EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/16 7:27 p.m.2 views

CVE-2026-46870

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the...

8.5CVSS7.2AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49979

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description A flaw in the Shell for VS Code component of Oracle MySQL allows a low-privileged attacker with network access via multiple protocols to compromise the system. Successful...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49978

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...

8.5CVSS5.8AI score0.00311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49958

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...

9.9CVSS5.8AI score0.00521EPSS
Exploits0References4
Rows per page
Query Builder