Security Updates for Microsoft Visual Studio Products 17.14.17 (October 2025)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get...
Security Update for Microsoft .NET Core (October 2025)
The version of the tested product installed on the remote host is prior to the tested version. It is, therefore, affected by an information disclosure vulnerability as referenced in the vendor advisory. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to...
Security Updates for Microsoft Visual Studio Products (October 2025)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. CVE-2025-55240 - Inadequate encryption strength in .NET,...
BeaverTail and OtterCookie evolve with a new JavaScript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). This group is known for impersonating hiring organizations to target job seekers, tricking them into installing information-stealing malware to obtain cryptocurrency and user credential...
CVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally...
EUVD-2025-34346
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability...
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VS Code Marketplace or Open VSX PAT [personal access token] allow...
EUVD-2025-34347
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally...
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gwq6-fmvp-qp68. This link is maintained to preserve external references. Original Description: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose...
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
CVE-2025-55248
CVE-2025-55248 is an information-disclosure vulnerability in the .NET ecosystem (affecting .NET 8.0/9.0 runtimes) caused by insufficient encryption, enabling an authorized network attacker to access leaked data. The issue is discussed in Microsoft and ENISA/ALMAS advisories, which indicate affect...
CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
...
CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability
...
CVE-2025-55240
CVE-2025-55240 is a Visual Studio elevation-of-privilege issue described as an improper access control that lets an authorized attacker escalate to full local privileges. CVSS indicates local attack, low attack complexity, required low privileges, and user interaction, with high impact on confide...