1373 matches found
Microsoft Visual Studio Code Path Traversal Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A path traversal vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker exploiting this vulnerability could bypass certain functionality...
PT-2025-46517
Name of the Vulnerable Software and Affected Versions: GitHub Copilot and Visual Studio Code (affected versions not specified). Description: A security feature bypass can occur due to improper validation of generative AI output in GitHub Copilot and Visual Studio Code. An authorized attacker can explo...
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...
CVE-2025-62794
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
CVE-2025-62794 GitHub Workflow Updater stored the optional GitHub token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided GitHub token would be stored in plaintext in the editor configuration as JSON on disk, rather than through the more secure "securestorage" ap...
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control...
MAL-2025-48475 Malicious code in @vscode-bicep-ui/components (npm)
The package @vscode-bicep-ui/components was found to contain malicious code...
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VS Code Marketplace or Open VSX PAT (personal access token) allow...
EUVD-2021-18126
Malware in sbrugna...
EUVD-2021-15447
Malware in sbrugna...
EUVD-2021-15136
Malware in sbrugna...
EUVD-2021-15149
Malware in sbrugna...
EUVD-2021-13242
Malware in sbrugna...
EUVD-2021-15127
Malware in sbrugna...
EUVD-2019-7295
Malware in sbrugna...
EUVD-2021-16132
Malware in sbrugna...
EUVD-2021-13854
Malware in sbrugna...
EUVD-2021-15604
Malware in sbrugna...
EUVD-2021-15449
Malware in sbrugna...
EUVD-2021-18127
Malware in sbrugna...