8734 matches found
CVE-2025-62449
Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...
CVE-2025-62214
Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...
EUVD-2025-116999
Malicious code in visual-turquoise-vicuna npm...
Malicious code in visual-turquoise-vicuna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78692f7b8fe0dd5c0c474720c7411abba945547e12c86775a46fdfc4f29864a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Microsoft Patch Tuesday, November 2025 Security Update Review
Microsoft released its November Patch Tuesday Security Updates. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for November 2025 This month's release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. In this month's update...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...
CVE-2025-62453
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...
CVE-2025-62449
Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...
CVE-2025-62449
Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...
CVE-2025-62222
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...
CVE-2025-62222
Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...
CVE-2025-62214
Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...
CVE-2025-62214
Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...
CVE-2025-62453
CVE-2025-62453 affects GitHub Copilot and Visual Studio Code due to improper validation of generative AI output, enabling an authorized local attacker to bypass a security feature. Multiple sources corroborate a security feature bypass vulnerability in Visual Studio Code and Copilot Chat, with im...
CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
...
EUVD-2025-93392
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally...
CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2025-62449
The CVE-2025-62449 issue is a path traversal vulnerability in the Visual Studio Code CoPilot Chat Extension (prior to version 0.32.5). A local, low-privilege, authorized attacker can bypass a security feature and access files outside the intended workspace, with high impact to confidentiality and...
CVE-2025-62222
The CVE-2025-62222 issue affects the Visual Studio Code CoPilot Chat Extension, with a command injection flaw caused by improper handling of special characters in user-controlled input. It enables remote code execution over the network when exploited against versions prior to 0.32.5. Mitigation: ...