Lucene search
K

4960 matches found

UbuntuCve
UbuntuCve
added 2026/04/14 12:0 a.m.9 views

CVE-2026-32203

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS6.5AI score0.01553EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32855

Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Visual Studio affected versions not specified Description A stack-based buffer overflow allows an unauthorized attacker to cause a denial of service over a network. A stack-based buffer overflow occurs when...

7.8CVSS6.7AI score0.02279EPSS
Exploits0References66
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.5 views

Microsoft Visual Studio和Microsoft .NET 安全漏洞

Microsoft Visual Studio and Microsoft .NET are products of Microsoft Corporation in the United States. Microsoft Visual Studio is a suite of development tools; it represents a complete set of development tools that include most of the tools needed throughout the entire software development...

7.5CVSS6.2AI score0.01553EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2026/04/14 12:0 a.m.5 views

KLA90982 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An...

7.8CVSS7.2AI score0.02279EPSS
Exploits0References40
OSV
OSV
added 2026/04/14 12:0 a.m.5 views

UBUNTU-CVE-2026-32203

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS6.5AI score0.01553EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

Git for Windows 安全漏洞

Git for Windows is a Git client environment suite designed specifically for the Windows operating system, as a part of the open-source Git project. There are security vulnerabilities present in Git for Windows. The following products and versions are affected: Microsoft Visual Studio 2019 version...

7.4CVSS6.5AI score0.00316EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/14 12:0 a.m.8 views

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/04/10 1:23 p.m.5 views

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

KB5029365 for Microsoft Visual Studio 2013 (October 2023)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in DiaSymReader.dll when reading a corrupted PDB file can lead to a Remote Code Execution. CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796 No...

7.8CVSS7.2AI score0.01441EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/04 6:26 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AddExtension function in the ExtractZip module. An attacker can write arbitrary files outside the intended directory by submitting a specially crafted VSIX file containing path traversal entries. Details A...

8.7CVSS6.4AI score0.00343EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2026/04/02 12:0 a.m.11 views

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The specific flaw exists within the handling of mcp.json files. T...

7.8CVSS6.3AI score0.01357EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:15 a.m.4 views

DEBIAN-CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.2AI score0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/31 1:59 a.m.23 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS0.00479EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 1:59 a.m.2 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.3AI score0.00479EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.3 views

CVE-2026-32732

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

5.7AI score0.00327EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 4:0 a.m.10 views

Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28798

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

3.7CVSS5.9AI score0.00217EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28215

Hi guys! Recently I got this email from [email protected]. I read through the email and spotted a few grammatical errors, as well as a share.google link, which I thought was unusual for Microsoft to do. Even though it was fully delivered and signed by GitHub.com, I realised that what the...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.1 views

PT-2026-32880

Name of the Vulnerable Software and Affected Versions System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2 .NET affected versions not specified .NET Framework...

7.6CVSS6.2AI score0.02279EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28128

I just got mass-mentioned in a GitHub Discussion claiming a "Severe Exploit" in Visual Studio Code. This is almost certainly a scam / malware attempt. Here’s why: Suspicious link: https://share.google/not showing you the actual link is not an official Microsoft or VS Code domain. Fake CVE format:...

5.8AI score
Exploits0References1
Rows per page
Query Builder