62 matches found
FreeBSD : vscode -- security feature bypass vulnerability (6f10b49d-07b1-4be4-8abf-edf880b16ad2)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f10b49d-07b1-4be4-8abf-edf880b16ad2 advisory. VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier...
CVE-2021-22195
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...
CVE-2020-13279
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...
MAL-2025-1043 Malicious code in llvm-vs-code-extensions.vscode-clangd (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 1b822fb613c3a0252eacdb48a5dea6a7b94786cc7b461e72423800257d6d650c Any computer that has this package installed or running should be considered...
Malicious code in clarity-vs-code-web-client (npm)
Source: ghsa-malware b9931dae1aea529cfab0af59c13f394053428a779eb80926016e72d7e8447b19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing
Occasionally, a new AI tool emerges unexpectedly and dominates the conversation on social media. This time, that tool is Cursor, an AI coding platform that’s making waves for simplifying app development with advanced models like Claude 3.5 Sonnet and GPT-4o. In a recent video posted on X, which h...
Code Reviewer
Reviews code Module Options msf use exploit/multi/fileformat/visualstudiovsixexec msf exploitvisualstudiovsixexec show targets ...targets... msf exploitvisualstudiovsixexec set TARGET msf exploitvisualstudiovsixexec show options ...show and set options... msf exploitvisualstudiovsixexec exploit...
BIT-MYSQL-SHELL-2022-21555
Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL component: Shell: GUI. Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Shell for VS Code executes to...
BIT-MONGODB-2021-32039 MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code includi...
GitHub: Source Code and data exfiltration via Github Copilot
The vulnerability was caused by insecure output handling in the Copilot client interfaces. A prompt injection attack was able to result in data exfiltration. The vulnerability was addressed by only rendering images from trusted domains and adding interstitial modals to inform users about link...
This Week in Spring - December 12th, 2023
Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to upgrade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...
CVE-2023-46248
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
Remote code execution
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
FreeBSD : vscode -- VS Code Remote Code Execution Vulnerability (4bc66a81-89d2-4696-a04b-defd2eb77783)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4bc66a81-89d2-4696-a04b-defd2eb77783 advisory. - Visual Studio Code Remote Code Execution Vulnerability CVE-2023-36742 Note that Nessus has not tested...
GHSA-4VRV-93C7-M92J snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
vscode -- VS Code Information Disclosure Vulnerability
VSCode developers report: VS Code Information Disclosure Vulnerability. An information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. A...
vscode -- Visual Studio Code Information Disclosure Vulnerability
[email protected] reports: Visual Studio Code Information Disclosure Vulnerability. An information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of...
Exploit for CVE-2021-26700
CVE-2021-26700 Note: this manual is valid for DSNS lab's...
K21037322: Multiple MySQL vulnerabilities CVE-2022-21547, CVE-2022-21550, CVE-2022-21553, CVE-2022-21555, CVE-2022-21556
Security Advisory Description CVE-2022-21547 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Federated. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...