4964 matches found
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...
Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...
Microsoft Visual Studio Code 路径遍历漏洞
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A path traversal vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker exploiting this vulnerability could bypass certain functionality...
Microsoft Visual Studio 命令注入漏洞
Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...
PT-2025-46514
Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description The Visual Studio Code CoPilot Chat Extension contains a flaw related to improper neutralization of special elements used in commands, potentially leading to...
KLA90062 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in GitHub Copilot and Visual Studio...
PT-2025-46515
Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description An issue exists in Visual Studio Code CoPilot Chat Extension related to improper limitation of a pathname to a restricted directory, also known as a 'path...
PT-2025-46517
Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio Code affected versions not specified Description A security feature bypass can occur due to improper validation of generative AI output in GitHub Copilot and Visual Studio Code. An authorized attacker can explo...
Microsoft GitHub Copilot and Visual Studio Code 安全漏洞
Microsoft GitHub Copilot and Visual Studio Code is a combination of intelligent coding tools from Microsoft Corporation USA. A security vulnerability exists in Microsoft GitHub Copilot and Visual Studio Code. An attacker exploiting the vulnerability could bypass certain features...
PT-2025-46507
Name of the Vulnerable Software and Affected Versions Visual Studio affected versions not specified Description An issue exists in Visual Studio related to improper neutralization of special elements used in a command, potentially leading to command injection. An authorized attacker could exploit...
Microsoft Visual Studio Code 命令注入漏洞
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A command injection vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker can execute code by exploiting this vulnerability...
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code VS Code extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...
ROS-20251105-07
The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...
ROS-20251105-06
The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team DART researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface API as a mechanism for command-and-control C2 communications. Instead of relying on more traditional...
CVE-2025-62794
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
Linux Distros Unpatched Vulnerability : CVE-2025-55248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...
BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...