CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

7.5CVSS5.9AI score0.0036EPSS

Exploits0References3

EUVD•added 2026/01/09 9:10 p.m.•5 views

EUVD-2026-1682

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

8.4CVSS7AI score0.01279EPSS

Exploits0References5

CNNVD•added 2026/01/09 12:0 a.m.•2 views

Kiro IDE 安全漏洞

Kiro IDE is an integrated development environment from Kiro Open Source. A security vulnerability exists in Kiro IDE versions prior to 0.6.18, which stems from a command injection vulnerability in the handling of specially crafted workspace folder names, which could lead to the execution of...

8.4CVSS7.6AI score0.01279EPSS

Exploits0References2

Positive Technologies•added 2026/01/09 12:0 a.m.•6 views

PT-2026-2030

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.6.18 Description Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper. This occurs when opening maliciously crafted workspaces. The...

8.4CVSS7.5AI score0.01279EPSS

Exploits0References12

RedhatCVE•added 2025/05/22 9:24 p.m.•13 views

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...

8.8CVSS7.6AI score0.01243EPSS

Exploits0References1

NVD•added 2021/07/30 2:15 p.m.•9 views

CVE-2021-30124

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...

9.8CVSS0.03049EPSS

Exploits0References3

OSV•added 2021/07/30 2:15 p.m.•16 views

CVE-2021-30124

9.8CVSS8.1AI score

Exploits0References3

Cvelist•added 2021/07/29 10:27 a.m.•11 views

CVE-2021-30124

9.9AI score0.03049EPSS

Exploits0References3

OSV•added 2021/03/31 5:15 p.m.•11 views

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...

8.8CVSS7.6AI score

Exploits0References3

Prion•added 2021/03/31 5:15 p.m.•10 views

Design/Logic Flaw

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...

6.8CVSS8.8AI score0.01243EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/03/31 4:58 p.m.•24 views

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...

9.1AI score0.01243EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by