Lucene search
K

368 matches found

OSV
OSV
added 2025/06/13 1:28 a.m.2 views

MAL-2025-5048 Malicious code in plonkscript-vscode (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd8b408dc44765c7024604210cc19ed0865efde3585895653edf022fecd41d5b Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.14 views

CVE-2022-45025

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function...

9.8CVSS8AI score0.34525EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.10 views

CVE-2022-45026

An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process...

9.8CVSS7.8AI score0.00954EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.14 views

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...

8.8CVSS7.6AI score0.01243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:56 p.m.6 views

CVE-2021-28956

The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

8.8CVSS7.5AI score0.01539EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.10 views

CVE-2021-30502

The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...

9.8CVSS8AI score0.02899EPSS
Exploits0References1
OSV
OSV
added 2025/05/18 8:58 p.m.4 views

MAL-2025-3957 Malicious code in vscode-oja (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 222332856f685e334465b24346da36177ea57028e903aaf5c7b6fc845f1e601a The OpenSSF Package Analysis project identified 'vscode-oja' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/18 8:58 p.m.4 views

Malicious code in vscode-oja (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 222332856f685e334465b24346da36177ea57028e903aaf5c7b6fc845f1e601a The OpenSSF Package Analysis project identified 'vscode-oja' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...

7.2AI score
Exploits0
NVD
NVD
added 2025/04/19 4:15 p.m.15 views

CVE-2025-3804

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...

5.3CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 2025/04/19 3:31 p.m.60 views

CVE-2025-3804

CVE-2025-3804 affects thautwarm vscode-diana 0.0.1, specifically the Jinja2 Template Handler’s Gen.py component where an unknown function exposure enables injection. Local access is required; exploitation has been disclosed publicly. Multiple connected sources corroborate a critical issue with lo...

5.3CVSS5.7AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/19 3:31 p.m.19 views

CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...

5.3CVSS0.00201EPSS
Exploits0References5
OSV
OSV
added 2025/04/19 3:31 p.m.4 views

CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...

4.8CVSS5.6AI score0.00201EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/19 3:31 p.m.5 views

CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...

5.3CVSS7.3AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.4 views

PT-2025-17381 · Jinja2 +1 · Jinja2 +2

Name of the Vulnerable Software and Affected Versions: thautwarm vscode-diana version 0.0.1 Description: A critical vulnerability has been found in the Jinja2 Template Handler component of thautwarm vscode-diana. The issue affects an unknown function of the file Gen.py and leads to injection. Loc...

5.3CVSS5.6AI score0.00201EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2025/03/24 11:10 a.m.24 views

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace...

7.7AI score
Exploits0
OSV
OSV
added 2025/03/20 8:19 a.m.2 views

MAL-2025-2584 Malicious code in vscode-typescript-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9162b86c7482b306e1b5ef08b17ce67a14c45fbb9ae585e6113b17174fb27409 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/20 8:19 a.m.3 views

Malicious code in vscode-typescript-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9162b86c7482b306e1b5ef08b17ce67a14c45fbb9ae585e6113b17174fb27409 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/05 10:41 a.m.6 views

Malicious code in vscode-ps1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89a6b0c5359c6999b0721fc722f11353dd05b6e52a6795c5da8174e0a353fa54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Hacker One
Hacker One
added 2025/02/17 10:14 p.m.1672 views

Hemi VDP: VSCode launch.json file exposed on hemi.xyz

A .vscode/launch.json file was published publicly on https://hemi.xyz/...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/13 12:0 a.m.11 views

FreeBSD : vscode -- multiple vulnerabilities (cbf5d976-656b-4bb6-805f-3af038e2de3e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cbf5d976-656b-4bb6-805f-3af038e2de3e advisory. VSCode developers report: The update addresses these issues, including a fix for a security...

7.3CVSS8.3AI score0.00735EPSS
Exploits0References5
Rows per page
Query Builder