CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1373 matches found

RedhatCVE•added 2026/03/07 1:44 a.m.•5 views

CVE-2026-28353

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

10CVSS5.8AI score0.00453EPSS

Exploits0References1

Positive Technologies•added 2026/03/05 12:0 a.m.•5 views

PT-2026-23503

Name of the Vulnerable Software and Affected Versions Trivy Vulnerability Scanner VS Code Extension version 1.8.12 Description The Trivy Vulnerability Scanner VS Code extension was compromised with malicious code in version 1.8.12, distributed through the OpenVSX marketplace. This malicious code...

10CVSS6.1AI score0.00453EPSS

Exploits0References8

The Hacker News•added 2026/02/18 1:16 p.m.•7 views

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code VS Code extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively...

9.1CVSS6.6AI score0.00639EPSS

Exploits3

RedhatCVE•added 2026/02/17 2:44 a.m.•3 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

7.8CVSS6.1AI score0.00322EPSS

Exploits1References1

RedhatCVE•added 2026/02/17 2:44 a.m.•4 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

8.8CVSS6.1AI score0.00639EPSS

Exploits1References1

RedhatCVE•added 2026/02/17 2:44 a.m.•6 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

4.3CVSS5.5AI score0.00511EPSS

Exploits1References1

OSV•added 2026/02/16 4:19 p.m.•1 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

7.8CVSS6.2AI score0.00322EPSS

Exploits1References2

OSV•added 2026/02/16 4:19 p.m.•5 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

8.8CVSS6.2AI score0.00639EPSS

Exploits1References2

OSV•added 2026/02/16 4:19 p.m.•2 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

4.3CVSS5.8AI score0.00511EPSS

Exploits1References2

NVD•added 2026/02/16 4:19 p.m.•6 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

7.8CVSS0.00322EPSS

Exploits1References2

NVD•added 2026/02/16 4:19 p.m.•5 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

4.3CVSS0.00511EPSS

Exploits1References3

CVE•added 2026/02/16 12:0 a.m.•10 views

CVE-2025-65717

CVE-2025-65717 affects Visual Studio Code Live Server extension (v5.7.9). According to connected sources, an attacker can exfiltrate local files by luring a developer to a crafted HTML page which, via the local development HTTP server on localhost:5500, executes JavaScript to crawl and send files...

4.3CVSS5.5AI score0.00511EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/02/16 12:0 a.m.•11 views

PT-2026-8356

Name of the Vulnerable Software and Affected Versions Visual Studio Code Live Server version 5.7.9 Description An issue in Visual Studio Code Live Server allows attackers to exfiltrate files through user interaction with a specially crafted HTML page. Recommendations At the moment, there is no...

5CVSS5.7AI score0.00511EPSS

Exploits1References23

Cvelist•added 2026/02/16 12:0 a.m.•30 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

0.00511EPSS

Exploits1References3

Cvelist•added 2026/02/16 12:0 a.m.•26 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

0.00639EPSS

Exploits1References2

ATTACKERKB•added 2026/02/16 12:0 a.m.•3 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

6.1AI score0.00639EPSS

Exploits1References3

ATTACKERKB•added 2026/02/16 12:0 a.m.•3 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

5.5AI score0.00511EPSS

Exploits1References3

Cvelist•added 2026/02/16 12:0 a.m.•26 views

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

0.00322EPSS

Exploits1References2

Vulnrichment•added 2026/02/16 12:0 a.m.•3 views

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

5.5AI score0.00511EPSS

Exploits1References3

Vulnrichment•added 2026/02/16 12:0 a.m.•4 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

6.1AI score0.00639EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by