4957 matches found

Positive Technologies
added 2026/06/09 12:0 a.m., 10 views

PT-2026-48022

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVSS 6.5, AI score 5.5, EPSS 0.00622
Exploits: 0, References: 2

CNNVD
added 2026/06/09 12:0 a.m., 8 views

Microsoft ASP.NET Core Resource Management Error Vulnerability

Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. There is a resource management vulnerability in Microsoft ASP.NET Core. Attackers can...

CVSS 7.5, AI score 5.4, EPSS 0.01176
Exploits: 0, References: 2

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-47964

Name of the Vulnerable Software and Affected Versions: GitHub Copilot (affected versions not specified), Visual Studio Code (affected versions not specified). Description: Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...

CVSS 8.4, AI score 5.8, EPSS 0.00345
Exploits: 0, References: 5

Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-48021

Name of the Vulnerable Software and Affected Versions: Visual Studio Code versions prior to 1.123.1. Description: Exposure of sensitive information to an unauthorized actor allows an attacker to disclose information over a network. Recommendations: Update to version 1.123.1 or later...

CVSS 6.5, AI score 5.4, EPSS 0.00763
Exploits: 0, References: 4

The Hacker News
added 2026/06/08 6:8 a.m., 14 views

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new version...

AI score 5.3
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0026

The vulnerability of the Microsoft Visual Studio software development tool and the .NET software platform is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.9, EPSS 0.00787
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0025

The vulnerability of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.8, EPSS 0.01088
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 7 views

ROS-20260608-73-0019

The vulnerability of the Microsoft Visual Studio software development tool and the .NET software platform is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.9, EPSS 0.00787
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0018

The vulnerability of the Microsoft Visual Studio software development tool and the .NET software platform is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.9, EPSS 0.00787
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0017

The vulnerability of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.8, EPSS 0.01088
Exploits: 0

Redos
added 2026/06/08 12:0 a.m., 6 views

ROS-20260608-73-0016

The vulnerability of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.5, AI score 5.8, EPSS 0.01088
Exploits: 0

RedhatCVE
added 2026/06/07 12:43 a.m., 11 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

CVSS 8.4, AI score 6, EPSS 0.00159
Exploits: 0, References: 1

NVD
added 2026/06/05 9:16 p.m., 11 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

CVSS 8.4, EPSS 0.00159
Exploits: 0, References: 4

Vulnrichment
added 2026/06/05 8:16 p.m., 8 views

CVE-2026-11422 Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

CVSS 8.4, AI score 6, EPSS 0.00159
Exploits: 0, References: 4

Cvelist
added 2026/06/05 8:16 p.m., 35 views

CVE-2026-11422 Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

CVSS 8.4, EPSS 0.00159
Exploits: 0, References: 4

ATTACKERKB
added 2026/06/05 8:16 p.m., 7 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

CVSS 8.4, AI score 6, EPSS 0.00159
Exploits: 0, References: 5

RedhatCVE
added 2026/06/05 7:13 p.m., 7 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

CVSS 9.8, AI score 5.4, EPSS 0.0185
Exploits: 1, References: 1

Positive Technologies
added 2026/06/05 12:0 a.m., 13 views

PT-2026-47053

Name of the Vulnerable Software and Affected Versions: Markdown Preview Enhanced versions 0.8.x. Description: A code injection issue exists in the WaveDrom rendering pipeline. Attackers can execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted...

CVSS 8.4, AI score 5.9, EPSS 0.00159
Exploits: 0, References: 7

Tenable Nessus
added 2026/06/05 12:0 a.m., 6 views

Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)

The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...

CVSS 9.8, AI score 5.6, EPSS 0.0185
Exploits: 1, References: 3

The Hacker News
added 2026/06/03 5:58 p.m., 16 views

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones...

AI score 5.7
Exploits: 0