Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.6 views

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:10 p.m.3 views

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/09 10:10 p.m.5 views

CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References6
CVE
CVE
added 2026/02/09 10:10 p.m.28 views

CVE-2026-25931

The vulnerability affects the vscode-spell-checker extension prior to version 4.5.4. It arises because DocumentSettings._determineIsTrusted uses the cSpell.trustedWorkspace setting as the authoritative trust flag, defaulting to true in package.json. This allows an untrusted workspace to cause the...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.17 views

PT-2026-7180

Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...

7.8CVSS6.2AI score0.00126EPSS
Exploits0References12
Rows per page
Query Builder