1373 matches found
CVE-2025-65716
CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18. The issue allows attackers to execute arbitrary JavaScript code by uploading a crafted Markdown (.md) file, enabling local port enumeration and data exfiltration to a control domain. The vulnerability is tied ...
PT-2026-8354
Name of the Vulnerable Software and Affected Versions Code Runner versions prior to 0.12.2 Description A flaw exists in the code-runner.executorMap setting of the Code Runner extension for Visual Studio Code. This allows for the execution of arbitrary code when a specially crafted workspace is...
CVE-2025-65715
An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...
PT-2026-8355
Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...
PT-2026-8356
Name of the Vulnerable Software and Affected Versions Visual Studio Code Live Server version 5.7.9 Description An issue in Visual Studio Code Live Server allows attackers to exfiltrate files through user interaction with a specially crafted HTML page. Recommendations At the moment, there is no...
CVE-2025-65717
CVE-2025-65717 affects Visual Studio Code Live Server extension (v5.7.9). According to connected sources, an attacker can exfiltrate local files by luring a developer to a crafted HTML page which, via the local development HTTP server on localhost:5500, executes JavaScript to crawl and send files...
Security Update for Microsoft Visual Studio Code (February 2026)
The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.109.2. It is, therefore, affected by multiple vulnerabilities: - Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2026-21523
CVE-2026-21523 is a time-of-check time-of-use (TOCTOU) race condition impacting GitHub Copilot and Visual Studio . An authorized attacker could execute code over a network. The issued CVSS 3.1 score is 8.0 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: Low , User I...
CVE-2026-21518
CVE-2026-21518 affects GitHub Copilot for Visual Studio Code and VS Code itself. Description: improper neutralization of special elements used in a command (command injection) allows a remote attacker to bypass a security feature over a network. Affected component/input is attacker-controlled net...
CVE-2026-21518
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Time-of-check time-of-use toctou race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network...
Microsoft GitHub Copilot and Visual Studio Code 命令注入漏洞
Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain...