CLSA-2026-1779129979 vim: Fix of 3 CVEs

CVE-2022-0261: fix heap-based buffer overflow in blockinsert in src/ops.c - CVE-2022-0318: fix heap-based buffer overflow in utfheadoff in mbyte.c - CVE-2022-3520: clamp bopend.col = 0 in doput to prevent Visual block put underflow...

CVE-2026-46508

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

CVE-2026-46508

CVE-2026-46508 affects the Turborepo LSP VS Code extension. Before version 2.9.14000, the extension could execute shell commands derived from workspace-controlled values by interpolating them into string-based commands for Turborepo daemon commands and task runs. A malicious workspace could craft...

DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models

While vision and multimodal foundation models underpin critical tasks from perception to complex reasoning, they remain highly vulnerable to adversarial attacks. However, traditional adversarial attacks are typically limited to single, predefined objectives, tightly coupling each attack to a...

Microsoft Visual Studio Code < 1.119.1 Multiple Vulnerabilities

The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.119.1. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio...

Turborepo 命令注入漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...

Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)

The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...

Security Updates for Microsoft Visual Studio Products (May 2026)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-65088

CVE-2025-65088 affects Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share up to version 12.6.1204.216 and earlier. An Out-of-Bounds Read during parsing of a specially crafted VC6 file could disclose information or allow arbitrary code execution. Affected components are the VC6 parser w...

CVE-2025-65086 Out-of-bounds write in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

CVE-2025-65086

The CVE-2025-65086 entry describes an Out-of-Bounds Write vulnerability in Ashlar-Vellum products Cobalt, Xenon, Argon, Lithium, and Cobalt Share, affected in version 12.6.1204.216 and earlier. The issue arises during parsing of a specially crafted VC6 file, allowing an attacker to execute arbitr...

CVE-2026-28963

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...