4960 matches found
CVE-2026-32203
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...
PT-2026-32855
Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Visual Studio affected versions not specified Description A stack-based buffer overflow allows an unauthorized attacker to cause a denial of service over a network. A stack-based buffer overflow occurs when...
Microsoft Visual Studio和Microsoft .NET 安全漏洞
Microsoft Visual Studio and Microsoft .NET are products of Microsoft Corporation in the United States. Microsoft Visual Studio is a suite of development tools; it represents a complete set of development tools that include most of the tools needed throughout the entire software development...
KLA90982 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An...
UBUNTU-CVE-2026-32203
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...
Git for Windows 安全漏洞
Git for Windows is a Git client environment suite designed specifically for the Windows operating system, as a part of the open-source Git project. There are security vulnerabilities present in Git for Windows. The following products and versions are affected: Microsoft Visual Studio 2019 version...
CVE-2026-33116
Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension...
KB5029365 for Microsoft Visual Studio 2013 (October 2023)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in DiaSymReader.dll when reading a corrupted PDB file can lead to a Remote Code Execution. CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796 No...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the AddExtension function in the ExtractZip module. An attacker can write arbitrary files outside the intended directory by submitting a specially crafted VSIX file containing path traversal entries. Details A...
Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The specific flaw exists within the handling of mcp.json files. T...
DEBIAN-CVE-2026-34060
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...
CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...
CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...
PT-2026-28798
OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...
PT-2026-28215
Hi guys! Recently I got this email from [email protected]. I read through the email and spotted a few grammatical errors, as well as a share.google link, which I thought was unusual for Microsoft to do. Even though it was fully delivered and signed by GitHub.com, I realised that what the...
PT-2026-32880
Name of the Vulnerable Software and Affected Versions System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2 .NET affected versions not specified .NET Framework...
PT-2026-28128
I just got mass-mentioned in a GitHub Discussion claiming a "Severe Exploit" in Visual Studio Code. This is almost certainly a scam / malware attempt. Here’s why: Suspicious link: https://share.google/not showing you the actual link is not an official Microsoft or VS Code domain. Fake CVE format:...