Lucene search
K

4964 matches found

Microsoft CVE
Microsoft CVE
added 2025/11/11 8:0 a.m.9 views

Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS5.5AI score0.0046EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/11/11 8:0 a.m.5 views

Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...

6.7CVSS5.9AI score0.00978EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/11/11 8:0 a.m.9 views

Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score0.00735EPSS
Exploits0
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.10 views

Microsoft Visual Studio Code 路径遍历漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A path traversal vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker exploiting this vulnerability could bypass certain functionality...

6.8CVSS5.7AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.4 views

Microsoft Visual Studio 命令注入漏洞

Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...

6.7CVSS6.4AI score0.00978EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46514

Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description The Visual Studio Code CoPilot Chat Extension contains a flaw related to improper neutralization of special elements used in commands, potentially leading to...

8.8CVSS5.9AI score0.00735EPSS
Exploits0References9
Kaspersky
Kaspersky
added 2025/11/11 12:0 a.m.7 views

KLA90062 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in GitHub Copilot and Visual Studio...

8.8CVSS7.2AI score0.00978EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.6 views

PT-2025-46515

Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description An issue exists in Visual Studio Code CoPilot Chat Extension related to improper limitation of a pathname to a restricted directory, also known as a 'path...

6.8CVSS5.2AI score0.0046EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46517

Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio Code affected versions not specified Description A security feature bypass can occur due to improper validation of generative AI output in GitHub Copilot and Visual Studio Code. An authorized attacker can explo...

5CVSS5.4AI score0.00411EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.5 views

Microsoft GitHub Copilot and Visual Studio Code 安全漏洞

Microsoft GitHub Copilot and Visual Studio Code is a combination of intelligent coding tools from Microsoft Corporation USA. A security vulnerability exists in Microsoft GitHub Copilot and Visual Studio Code. An attacker exploiting the vulnerability could bypass certain features...

5CVSS5.5AI score0.00411EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.2 views

PT-2025-46507

Name of the Vulnerable Software and Affected Versions Visual Studio affected versions not specified Description An issue exists in Visual Studio related to improper neutralization of special elements used in a command, potentially leading to command injection. An authorized attacker could exploit...

6.7CVSS5.9AI score0.00978EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.4 views

Microsoft Visual Studio Code 命令注入漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A command injection vulnerability exists in Microsoft Visual Studio Code CoPilot Chat Extension. An attacker can execute code by exploiting this vulnerability...

8.8CVSS6.2AI score0.00735EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/07 6:48 a.m.8 views

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code VS Code extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...

7AI score
Exploits0
Redos
Redos
added 2025/11/05 12:0 a.m.8 views

ROS-20251105-07

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

9.9CVSS6.7AI score0.66258EPSS
Exploits5
Redos
Redos
added 2025/11/05 12:0 a.m.10 views

ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

9.9CVSS6.7AI score0.66258EPSS
Exploits5
Microsoft Secure
Microsoft Secure
added 2025/11/03 5:0 p.m.4 views

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control

Microsoft Incident Response – Detection and Response Team DART researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface API as a mechanism for command-and-control C2 communications. Instead of relying on more traditional...

7.6AI score
Exploits0
NVD
NVD
added 2025/10/28 9:15 p.m.6 views

CVE-2025-62794

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

3.8CVSS0.00116EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 8:53 p.m.4 views

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

3.8CVSS6.4AI score0.00116EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-55248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...

5.7CVSS7.3AI score0.00681EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 2:39 p.m.7 views

BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

5.7CVSS6.5AI score0.00681EPSS
Exploits0References2
Rows per page
Query Builder