CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

CVE-2025-68120

CVE-2025-68120 is a remote code execution vulnerability in the Visual Studio Code Go extension that bypasses Restricted Mode. The root cause is an incomplete blacklist of trusted/untrusted configurations, allowing untrusted workspace settings (eg, go.buildFlags) to reach the extension (via extens...

GO-2025-4249 Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...

PT-2025-53815

Name of the Vulnerable Software and Affected Versions Visual Studio Code Go extension affected versions not specified Description The Visual Studio Code Go extension was disabled in Restricted Mode to prevent unexpected untrusted code execution. Recommendations At the moment, there is no...

Toward Trustworthy Agentic AI: A Multimodal Framework for Preventing Prompt Injection Attacks

Powerful autonomous systems, which reason, plan, and converse using and between numerous tools and agents, are made possible by Large Language Models LLMs, Vision-Language Models VLMs, and new agentic AI systems, like LangChain and GraphChain. Nevertheless, this agentic environment increases the...

CVE-2025-68574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-68574 WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

CVE-2025-68574

CVE-2025-68574 affects Innovs WPBakery Visual Composer WHMCS Elements (void-visual-whmcs-element) and is linked to versions

PT-2025-53262

Name of the Vulnerable Software and Affected Versions WPBakery Visual Composer WHMCS Elements versions through 1.0.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the...

WordPress plugin WPBakery Visual Composer WHMCS Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress WPBakery Visual Composer WHMCS Elements plugin <= 1.0.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WPBakery Visual Composer WHMCS Elements versions = 1.0.4.3...

PT-2025-51948

Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 has a stored cross-site scripting issue. Authenticated attackers can inject malicious JavaScript by inserting script tags into page content using the WYSIWYG editor. Attackers can submi...

EUVD-2025-203811

Malicious code in vscode-azure-mcp-server npm...

Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files

VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file...

MAL-2025-192568 Malicious code in EffetMer.darkgpt (VSCode)

The package downloads and executes a hidden executable from a malicious URL...

(0Day) Microsoft Visual Studio VsDevCmd Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CLSA-2025-1765286037 Fix CVE(s): CVE-2025-22134

SECURITY UPDATE: Heap-buffer overflow when switching buffers in visual mode - debian/patches/CVE-2025-22134.patch: fix visual mode heap-buffer-overflow by resetting VIsual mode on :all - CVE-2025-22134...

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...

📄 Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...