
8730 matches found

Zero Day Initiative
added 2026/04/02 12:0 a.m. | 8 views

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must open a malicious project. The specific flaw exists within the handling of mcp.json files. T...

CVSS 7.8 | AI score 6.3 | EPSS 0.01357
Exploits: 0 | References: 1

Microsoft Secure
added 2026/03/31 1:43 p.m. | 7 views

WhatsApp malware campaign delivers VBScript and MSI backdoors

Microsoft Defender Experts observed a campaign beginning in late February 2026 that uses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files. Once execute...

AI score 6.3
Exploits: 0

OSV
added 2026/03/31 3:15 a.m. | 3 views

DEBIAN-CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

CVSS 7.1 | AI score 6.2 | EPSS 0.00425
Exploits: 0 | References: 1

Cvelist
added 2026/03/31 1:59 a.m. | 22 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

CVSS 7.1 | EPSS 0.00425
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/31 1:59 a.m. | 1 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

CVSS 7.1 | AI score 6.3 | EPSS 0.00425
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/03/30 1:2 p.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775.

Summary IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-0775 DESCRIPTION: npm cli Incorrect Permission...

CVSS 7 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/30 11:40 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049.

Summary IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

CVSS 7.1 | AI score 7.2 | EPSS 0.00278
Exploits: 2 | Affected Software: 1

RedhatCVE
added 2026/03/26 5:2 p.m. | 2 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

CVSS 7.5 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:17 p.m. | 1 views

CVE-2026-32732

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

AI score 5.7 | EPSS 0.00327
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/03/26 4:0 a.m. | 6 views

Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the official Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28215

Hi guys! Recently I got this email from [email protected]. I read through the email and spotted a few grammatical errors, as well as a share.google link, which I thought was unusual for Microsoft to do. Even though it was fully delivered and signed by GitHub.com, I realised that what the...

AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 2 views

PT-2026-28798

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

CVSS 3.7 | AI score 5.9 | EPSS 0.00217
Exploits: 0 | References: 6

EUVD
added 2026/03/25 6:31 p.m. | 4 views

EUVD-2026-15911

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

CVSS 7.5 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 2

NVD
added 2026/03/25 5:17 p.m. | 3 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

CVSS 7.5 | EPSS 0.003
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 4:15 p.m. | 23 views

CVE-2026-32537 WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

CVSS 7.5 | EPSS 0.003
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/25 4:15 p.m. | 1 views

CVE-2026-32537 WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

CVSS 7.5 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 4:15 p.m. | 2 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 2

CVE
added 2026/03/25 4:15 p.m. | 10 views

CVE-2026-32537

The CVE-2026-32537 entry describes an authenticated Local File Inclusion (LFI) in the WordPress plugin Visual Portfolio, Photo Gallery & Post Grid (visual-portfolio) caused by improper filename control in PHP include/require statements. Affected versions are Visual Portfolio, Photo Gallery & Post...

CVSS 7.5 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/25 12:0 a.m. | 3 views

PT-2026-28128

I just got mass-mentioned in a GitHub Discussion claiming a "Severe Exploit" in Visual Studio Code. This is almost certainly a scam / malware attempt. Here’s why: Suspicious link: https://share.google/not showing you the actual link is not an official Microsoft or VS Code domain. Fake CVE format:...

AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/25 12:0 a.m. | 3 views

PT-2026-28051

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion. This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 2