ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

ROS-20251105-07

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control

Microsoft Incident Response – Detection and Response Team DART researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface API as a mechanism for command-and-control C2 communications. Instead of relying on more traditional...

CVE-2025-62794

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...

CVE-2025-62895

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2.1...

CLSA-2025-1761576318 Fix CVE(s): CVE-2022-3520

SECURITY UPDATE: Heap-based Buffer Overflow in visual mode - debian/patches/CVE-2022-3520.patch: check that the column does not become negative - CVE-2022-3520...

EUVD-2025-36043

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2...

CVE-2025-62895

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2.1...

Linux Distros Unpatched Vulnerability : CVE-2025-55248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...

PT-2025-43774

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through = 4.2...

BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

BIT-DOTNET-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

GlassWorm Malware Targets Developers Through OpenVSX Marketplace

GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2...

MAL-2025-48475 Malicious code in @vscode-bicep-ui/components (npm)

The package @vscode-bicep-ui/components was found to contain malicious code...

Security Update for Microsoft .NET Core (October 2025)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by information disclosure vulnerability as referenced in the vendor advisory. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to...

Security Updates for Microsoft Visual Studio Products (October 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. CVE-2025-55240 - Inadequate encryption strength in .NET,...

Security Updates for Microsoft Visual Studio Products (October 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. CVE-2025-55240 - Inadequate encryption strength in .NET,...

Security Updates for Microsoft Visual Studio Products 17.14.17 (October 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get...