Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

In yet another software supply chain attack, the open-source, artificial intelligence AI-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...

PT-2025-50977

Name of the Vulnerable Software and Affected Versions Lightning Flow Scanner versions 6.10.5 and below Description Lightning Flow Scanner, a CLI plugin, VS Code Extension, and GitHub Action for Salesforce Flow analysis and optimization, is affected by an issue where maliciously crafted flow...

CVE-2025-61680 Minecraft RCON Terminal: Plain Text Password Storage in Configuration

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0...

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2021-22195

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...

CVE-2020-13279

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...

Code Reviewer

Reviews code Module Options msf use exploit/multi/fileformat/visualstudiovsixexec msf exploitvisualstudiovsixexec show targets ...targets... msf exploitvisualstudiovsixexec set TARGET msf exploitvisualstudiovsixexec show options ...show and set options... msf exploitvisualstudiovsixexec exploit...