Lucene search
+L

5027 matches found

CVE
CVE
added 2026/05/27 3:50 p.m.74 views

CVE-2026-48027

Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...

9.8CVSS5.8AI score0.0185EPSS
In wildExploits1References5Affected Software1
EUVD
EUVD
added 2026/05/27 3:50 p.m.15 views

EUVD-2026-32550

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References4
OSV
OSV
added 2026/05/27 3:50 p.m.3 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS5.9AI score0.0185EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/27 3:50 p.m.153 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS0.0185EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/05/27 11:48 a.m.27 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Nx Console 安全漏洞

Nx Console is an open-source repository management interface that supports visual workflows and AI enhancements. Version Nx Console 18.95.0 contains a security vulnerability. This vulnerability stems from the release of a malicious version on the Visual Studio Marketplace and OpenVSX, which could...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44044

Name of the Vulnerable Software and Affected Versions Nx Console version 18.95.0 Description A malicious version of Nx Console, which serves as the user interface for Nx and Lerna, was published to the Visual Studio Marketplace and OpenVSX. The compromised version was available for approximately ...

9.8CVSS5.9AI score0.0185EPSS
Exploits1References28
HackRead
HackRead
added 2026/05/20 1:55 p.m.22 views

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 7:49 a.m.13 views

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/15 4:16 p.m.15 views

CVE-2026-46508

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 3:50 p.m.9 views

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 3:50 p.m.41 views

CVE-2026-46508

CVE-2026-46508 affects the Turborepo LSP VS Code extension. Before version 2.9.14000, the extension could execute shell commands derived from workspace-controlled values by interpolating them into string-based commands for Turborepo daemon commands and task runs. A malicious workspace could craft...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 3:50 p.m.50 views

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS0.00158EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.53 views

Microsoft Visual Studio Code < 1.119.1 Multiple Vulnerabilities

The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.119.1. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio...

8.8CVSS6AI score0.00861EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Turborepo 命令注入漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.7 views

Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)

The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...

5.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Security Updates for Microsoft Visual Studio Products (May 2026)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...

7.3CVSS6.8AI score0.00711EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.16 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

5.5CVSS5.8AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.16 views

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

6.3CVSS5.8AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.14 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00421EPSS
Exploits0References1
Rows per page
Query Builder