5027 matches found
CVE-2026-48027
Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...
EUVD-2026-32550
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
CVE-2026-48027 Compromised Nx Console version 18.95.0
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
CVE-2026-48027 Compromised Nx Console version 18.95.0
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...
Nx Console 安全漏洞
Nx Console is an open-source repository management interface that supports visual workflows and AI enhancements. Version Nx Console 18.95.0 contains a security vulnerability. This vulnerability stems from the release of a malicious version on the Visual Studio Marketplace and OpenVSX, which could...
PT-2026-44044
Name of the Vulnerable Software and Affected Versions Nx Console version 18.95.0 Description A malicious version of Nx Console, which serves as the user interface for Nx and Lerna, was published to the Visual Studio Marketplace and OpenVSX. The compromised version was available for approximately ...
GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...
CVE-2026-46508
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...
CVE-2026-46508 Turborepo: VSCode Extension command injection
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...
CVE-2026-46508
CVE-2026-46508 affects the Turborepo LSP VS Code extension. Before version 2.9.14000, the extension could execute shell commands derived from workspace-controlled values by interpolating them into string-based commands for Turborepo daemon commands and task runs. A malicious workspace could craft...
CVE-2026-46508 Turborepo: VSCode Extension command injection
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...
Microsoft Visual Studio Code < 1.119.1 Multiple Vulnerabilities
The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.119.1. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio...
Turborepo 命令注入漏洞
Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...
Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)
The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...
Security Updates for Microsoft Visual Studio Products (May 2026)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...
CVE-2026-41612
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
CVE-2026-41610
Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-41611
Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...