8734 matches found

CNNVD
• added 2025/11/20 12:0 a.m. • 3 views

Microsoft Visual Studio Code Access Control Error Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Visual Studio Code that stems from improper access control and could lead to bypassing security features...

CVSS 8 | AI score 6.9 | EPSS 0.00468
Exploits: 0 | References: 2
Kaspersky
• added 2025/11/20 12:0 a.m. • 5 views

KLA90452 SB vulnerability in Microsoft Developer Tools

A security feature bypass vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: CVE-2025-64660. Related products: Visual-Studio-Code. CVE list: CVE-2025-64660 (critical). Solution: Install necessary update...

CVSS 8 | AI score 6.7 | EPSS 0.00468
Exploits: 0 | References: 3
Positive Technologies
• added 2025/11/20 12:0 a.m. • 5 views

PT-2025-47646

Name of the Vulnerable Software and Affected Versions: GitHub Copilot and Visual Studio Code (affected versions not specified). Description: An issue with access control exists in GitHub Copilot and Visual Studio Code. This allows an authorized attacker to bypass a security feature over a network...

CVSS 9 | AI score 6.5 | EPSS 0.00468
Exploits: 0 | References: 12
OSSF Malicious Packages
• added 2025/11/19 5:55 a.m. • 4 views

Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 7
Exploits: 0 | References: 1
OSV
• added 2025/11/19 5:55 a.m. • 2 views

MAL-2025-191165 Malicious code in kleinesfilmroellchen.serenity-dsl-syntaxhighlight (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 4cd24ae9caaea029653d9b9516f034a9ff19684891421dd3558c584f02076c8f This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 6.9
Exploits: 0 | References: 1
OSV
• added 2025/11/19 5:55 a.m. • 2 views

MAL-2025-191160 Malicious code in ellacrity.recoil (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c10eec28bf8da96caa61583697ae4e44102b7a4f1b84e361e0f609be824a79c6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 6.9
Exploits: 0 | References: 1
OSV
• added 2025/11/19 5:55 a.m. • 5 views

MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 6.9
Exploits: 0 | References: 1
OSV
• added 2025/11/19 5:55 a.m. • 3 views

MAL-2025-191167 Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 6.9
Exploits: 0 | References: 1
OSV
• added 2025/11/19 5:55 a.m. • 3 views

MAL-2025-191159 Malicious code in codejoy.codejoy-vscode-extension (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6039e624de3c28cc21aa1c268dc71e67352c90ec642f4efc51fc47de34f9d47b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

AI score 6.9
Exploits: 0 | References: 1
GithubExploit
• added 2025/11/18 7:6 a.m. • 196 views

cve-exploit-chain-analyzer

🔐 CVE Exploit Chain Analyzer Automated vulnerability scanner...

AI score 7.3
Exploits: 0
Patchstack
• added 2025/11/17 11:24 p.m. • 5 views

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability discovered by zer0gh0st in WordPress Plugin Gutenify versions <= 1.5.9...

CVSS 6.4 | AI score 5.7 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1
Krebs on Security
• added 2025/11/16 9:47 p.m. • 11 views

Microsoft Patch Tuesday, November 2025 Edition

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of...

CVSS 7.8 | AI score 7 | EPSS 0.061
Exploits: 6
Tenable Nessus
• added 2025/11/14 12:0 a.m. • 11 views

Security Update for Microsoft Visual Studio Code (November 2025)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.105.1. It is, therefore, affected by a security feature bypass vulnerability. Improper validation of generative AI output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a...

CVSS 5 | AI score 6.2 | EPSS 0.00411
Exploits: 0 | References: 3
Malwarebytes
• added 2025/11/13 10:15 a.m. • 4 views

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat. What it does If the recipient had opened the attached Visual Basic Script .vbs file, it woul...

AI score 7.4
Exploits: 0
Veracode
• added 2025/11/13 7:21 a.m. • 4 views

Prototype Pollution

json-schema-editor-visual is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the setData and deleteData functions, which allows an attacker to supply a crafted payload to inject or delete properties on Object.prototype, potentially...

CVSS 6.5 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 3 | Affected Software: 1
NVD
• added 2025/11/13 3:16 a.m. • 2 views

CVE-2025-64710

Bitplatform Boilerplate is a Visual Studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVSS 5.3 | EPSS 0.00278
Exploits: 0 | References: 2
CNVD
• added 2025/11/13 12:0 a.m. • 1 views

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2025-29343)

Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...

CVSS 6.7 | AI score 8.2 | EPSS 0.00957
Exploits: 0 | References: 1
Positive Technologies
• added 2025/11/13 12:0 a.m. • 2 views

PT-2025-46773

Name of the Vulnerable Software and Affected Versions: Bitplatform Boilerplate versions prior to 9.11.3. Description: Bitplatform Boilerplate, a Visual Studio and .NET project template, contains a cross-site scripting (XSS) issue within the WebInteropApp/WebAppInterop component. This could allow...

CVSS 5.3 | AI score 5.7 | EPSS 0.00278
Exploits: 0 | References: 4
RedhatCVE
• added 2025/11/12 6:1 p.m. • 3 views

CVE-2025-62453

Improper validation of generative AI output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...

CVSS 5 | AI score 5.4 | EPSS 0.00411
Exploits: 0 | References: 1
RedhatCVE
• added 2025/11/12 6:1 p.m. • 6 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 5.9 | EPSS 0.00719
Exploits: 0 | References: 1