8734 matches found
CLSA-2025-1765286037 Fix CVE(s): CVE-2025-22134
SECURITY UPDATE: Heap-buffer overflow when switching buffers in visual mode - debian/patches/CVE-2025-22134.patch: fix visual mode heap-buffer-overflow by resetting VIsual mode on :all - CVE-2025-22134...
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...
📄 Visual Studio 1.39.0 Remote Debugger
Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in...
Advisory ROSA-SA-2025-3087
Software: git 1.8.3.1 OS: rosa-server79 unaffected versions = git-1.8.3.1-25.0.1.res7 affected versions git-1.8.3.1-25.0.1.1.res7 CVE-ID: CVE-2025-48384 BDU-ID: 2025-08691 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system of the Microsoft Visual Studio softwa...
VulnCheck KEV: CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers
This paper studies how multimodal large language models MLLMs undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...
Security Bulletin: There is a vulnerability in starlette-0.40.0-py3-none-any.whl used by IBM Maximo Visual Inspection application in IBM Maximo Application Suite ( CVE-2025-54121)
Summary There is a vulnerability in starlette-0.40.0-py3-none-any.whl used by IBM Maximo Visual Inspection application in IBM Maximo Application Suite CVE-2025-54121. This Bulletine contains the information regarding affected and remediation versions of the same. Vulnerability Details...
Security Update for Microsoft Visual Studio Code CoPilot Chat Extension (November 2025)
The Microsoft Visual Studio Code CoPilot Chat Extension prior to version 0.32.5. It is, therefore, affected by multiple vulnerabilities. - This vulnerability is a command injection flaw in the Visual Studio Code Copilot Chat Extension, where improper handling of special characters in...
Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803)
In VSTA 2019 prior 16.0.35907.0 and VSTA 2022 prior to 17.0.35906.0, the software contains a vulnerability CVE-2025-29803 that could allow remote or local attackers to execute arbitrary code or escalate privileges within the host application, potentially compromising systems that rely on VSTA for...
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data...
ROS-20251124-01
A vulnerability in the ASP.NET Core software platform and Microsoft's software development tool, Visual Studio, is related to authentication bypass. Visual Studio is related to authentication bypass. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
EUVD-2025-198368
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2025-64660
CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...
CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...