4960 matches found
CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised...
NVIDIA CUDA Toolkit < 13.1 Multiple Vulnerabilities
The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities, including the following: - NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by...
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new...
CVE-2025-33229
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...
CVE-2025-33229
The CVE-2025-33229 issue affects NVIDIA Nsight Visual Studio for Windows and its Nsight Monitor component. The vulnerability allows an attacker to execute arbitrary code with the same privileges as the Nsight Monitor process, potentially enabling privilege escalation, code execution, data tamperi...
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...
CVE-2026-22718
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
CVE-2026-22718
The CVE-2026-22718 entry concerns the VSCode extension for Spring CLI, attributed to VMware, with a vulnerability allowing command injection and subsequent command execution on the user’s machine. Connected advisories consistently describe this as a vulnerability in the Spring CLI VSCode extensio...
VMware Spring CLI VSCode Extension Security Vulnerability
VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...
PT-2026-2793
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
Exploit for CVE-2025-68120
Vulnerability Write-up: Command Injection in VS Code Go Extens...
CVE-2021-28967
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings...
CVE-2021-28792
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...
CVE-2021-31414
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration...