Microsoft Visual Studio Code 操作系统命令注入漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to operating system command injection. Attackers can exploit this vulnerability to gain higher privileges...

Ashlar-Vellum多款产品 缓冲区错误漏洞

Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...

Ashlar-Vellum多款产品 缓冲区错误漏洞

Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...

PT-2026-40249

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

PT-2026-40244

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

PT-2026-40247

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper neutralization of script-related HTML tags in a web page leads to a basic cross-site scripting XSS issue. This lack of data sanitization at the control level allows an...

PT-2026-40248

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...

PT-2026-40246

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

PT-2026-40428

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

PT-2026-40430

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

Microsoft Visual Studio Code 路径遍历漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a path traversal vulnerability. Attackers can exploit this vulnerability to obtain sensitive information...

EUVD-2026-29267

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...

CVE-2026-28963

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...

CVE-2026-28963

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...

CVE-2026-28963

CVE-2026-28963 affects iOS and iPadOS; a privacy issue was addressed by removing the vulnerable code and is fixed in iOS 26.5 and iPadOS 26.5 . An attacker with physical access could potentially use Visual Intelligence during iPhone Mirroring to access sensitive user data. The provided documents ...

CVE-2026-28963

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring...

📄 OSK Privilege Escalation

This PowerShell script acts as a wrapper/launcher for a compiled Windows exploit binary targeting the OSK On-Screen Keyboard privilege escalation vulnerability. ================================================================================================================================== | Tit...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017513 advisory. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...

PT-2026-39328

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description The JSX renderer escapes style attribute object values for HTML but not for CSS. When untrusted input is interpolated into a JSX style object and rendered server-side, characters that act as CSS...

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...