Lucene search
+L
MicrosoftVisual Studio Code

33 matches found

CVE
CVE
added 2020/01/24 8:50 p.m.2564 views

CVE-2019-1414

CVE-2019-1414 affects Visual Studio Code. A local elevation-of-privilege vulnerability arises when VS Code exposes a debug listener/port to the local user, allowing code injection in the user context. Affected versions are generally prior to 1.39.1; remediation is to update VS Code to 1.39.1 or l...

7.8CVSS7.5AI score0.01045EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.1005 views

CVE-2021-43891

A concrete exploit artifact exists for CVE-2021-43891: the Github repo Exploit for CVE-2021-43891 demonstrates a Proof-of-Concept remote code execution in Visual Studio Code via the Remote WSL component. The PoC provides build/install steps, a local server workflow, and specific file-system locat...

7.8CVSS7.9AI score0.11731EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.866 views

CVE-2023-21779

CVE-2023-21779 is a Visual Studio Code remote code execution vulnerability. The entry indicates a HIGH severity (CVSSv3.1 7.8) with a local attack vector, requiring user interaction, and impacting the confidentiality, integrity, and availability of affected systems. The vulnerability is documente...

7.8CVSS7.9AI score0.02274EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.797 views

CVE-2021-34529

Technical details about CVE-2021-34529 (affected product, root cause, impact, or fixes) are not publicly provided in the connected documents; monitor official advisories and updates for authoritative information.

7.8CVSS7.9AI score0.03862EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.614 views

CVE-2022-41034

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS7.8AI score0.67469EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.566 views

CVE-2023-36742

Microsoft Visual Studio Code is affected by CVE-2023-36742 through vulnerable pre-1.82.1 builds. Connected documents describe a remote code execution scenario in VS Code where a user must open a malicious project; a crafted dependencies entry in package.json causes npm to execute scripts locally,...

7.8CVSS7.9AI score0.01206EPSS
CVE
CVE
added 2022/04/15 7:6 p.m.260 views

CVE-2022-26921

CVE-2022-26921 is a Local Privilege Escalation affecting Visual Studio Code. According to the CVE data, the vulnerability supports local attack vector, requires LOW privileges, and does not require user interaction (UI: NONE). The impact is described as high for confidentiality, integrity, and av...

7.8CVSS7.4AI score0.0057EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.245 views

CVE-2023-24893

CVE-2023-24893 affects Visual Studio Code; versions prior to 1.77.2 are vulnerable to remote code execution. An attacker could bypass authentication and execute arbitrary commands. Remediation: update VS Code to 1.77.2 or later per Nessus plugin details. Other sources corroborate RCE vectors for ...

7.8CVSS7.9AI score0.01103EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.170 views

CVE-2021-1639

CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...

7.8CVSS7AI score0.01978EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.155 views

CVE-2021-34479

CVE-2021-34479 is a spoofing vulnerability affecting Microsoft Visual Studio (and related tooling in the Microsoft Visual Studio family). The connected sources describe an ability to spoof the user interface, enabling deception of users, with references to the vulnerability in Microsoft advisorie...

7.8CVSS6.3AI score0.0314EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.150 views

CVE-2020-17148

CVE-2020-17148 affects the Visual Studio Code Remote Development Extension (SSH-based remote access). The root cause is a defect in the SSH editor’s source code handling that enables remote code execution. The vulnerability enables an attacker to execute arbitrary code on the vulnerable host with...

7.8CVSS7.8AI score0.03552EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.147 views

CVE-2024-43601

CVE-2024-43601 affects Visual Studio Code for Linux, with a remote code execution vulnerability in VS Code 1.94.0 and earlier, linked to the elevated save flow. The root cause is a flaw in the save operation that can allow arbitrary code execution when processing saved data. Public details in con...

7.8CVSS7.5AI score0.01046EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.146 views

CVE-2021-31211

CVE-2021-31211 is an in-the-wild remote code execution issue in Visual Studio Code. Arch Linux ASA-202107-34 and Microsoft guidance confirm that vulnerabilities in VS Code prior to 1.58.0-1 allow arbitrary code execution via crafted remote terminal settings (and related issues in task/runner logi...

7.8CVSS7.8AI score0.02519EPSS
CVE
CVE
added 2022/09/13 6:42 p.m.145 views

CVE-2022-38020

CVE-2022-38020 affects Visual Studio Code. The connected Nessus entry confirms a privilege-escalation vulnerability in VS Code versions prior to 1.17.1. An authenticated, local attacker can exploit this to elevate privileges to those of another user on the affected system. The plugin text notes a...

7.3CVSS7.4AI score0.00962EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.141 views

CVE-2021-28469

CVE-2021-28469 is a Visual Studio Code remote code execution vulnerability. Connected sources identify Visual Studio Code and related extensions as affected; the Nessus plugin notes that vulnerable versions include those prior to 1.55.2. The NVD/MSRC entry lists a high CVSS 3.1 (7.8) impact with ...

7.8CVSS7.8AI score0.02705EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.121 views

CVE-2021-28457

CVE-2021-28457 is a Visual Studio Code remote code execution vulnerability. The connected records identify affected software as Visual Studio Code and, specifically, the GitHub Pull Requests and Issues Extension, among other VS Code-related components, with a root cause leading to arbitrary code ...

7.8CVSS7.8AI score0.02705EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.118 views

CVE-2021-28475

CVE-2021-28475 corresponds to a Visual Studio Code remote code execution vulnerability. Public references in connected sources confirm impact via remote code execution in Visual Studio Code (and related tooling such as the GitHub PRs and Issues extension) and note that Microsoft released security...

7.8CVSS7.8AI score0.02705EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.117 views

CVE-2021-28473

CVE-2021-28473 is a Visual Studio Code remote code execution vulnerability with a base CVSS:3.1 score of 7.8 (HIGH). The available documentation indicates the affected product is Visual Studio Code (and related Visual Studio Code extensions in the ecosystem), with the vulnerability categorized as...

7.8CVSS7.8AI score0.02705EPSS
CVE
CVE
added 2021/11/10 12:47 a.m.116 views

CVE-2021-42322

CVE-2021-42322 is a Visual Studio Code elevation of privilege vulnerability with a local attack vector and no user interaction. Connected sources (NVD, MS advisory, NCSC) confirm affected product: Visual Studio Code; impact: higher privileges with high confidentiality, integrity, and availability...

7.8CVSS7.9AI score0.0048EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.115 views

CVE-2022-41042

CVE-2022-41042 is a Visual Studio Code information disclosure vulnerability. The CVE entry concerns Visual Studio Code and related tooling; the vulnerability is described as information disclosure with a CVSSv3.1 base score of 7.4 (HIGH), requiring user interaction and with network attack vector ...

7.4CVSS7.4AI score0.01922EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.115 views

CVE-2025-24042

CVE-2025-24042 : The issue is an Elevation of Privilege in the Visual Studio Code JS Debug Extension. Public sources describe two related weaknesses in VS Code components: (1) a vulnerability enabling privilege escalation via a crafted node module or binary injection in the JS Debug/remote server...

7.3CVSS7.4AI score0.00687EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.109 views

CVE-2021-34528

The CVE-2021-34528 entry relates to a Remote Code Execution vulnerability in Microsoft Visual Studio Code. Based on the connected sources, the vulnerability affects Visual Studio Code and allows arbitrary code execution; CVSS details indicate a HIGHImpact with local attack vector and required use...

7.8CVSS7.9AI score0.02878EPSS
CVE
CVE
added 2021/03/11 3:49 p.m.100 views

CVE-2021-27060

CVE-2021-27060 is a reported vulnerability in Microsoft Visual Studio Code described as a remote code execution issue related to Visual Studio Code. The connected sources identify this as an arbitrary code execution vulnerability in VS Code, exploitable by convincing a user to open specially craf...

7.8CVSS7.8AI score0.02911EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.100 views

CVE-2025-24039

CVE-2025-24039 affects Microsoft Visual Studio Code; reported as elevation of privilege vulnerabilities in VS Code prior to 1.97.1. Technical details in connected sources show two issues: (1) an elevation of privilege in the code serve-web path on Windows where an attacker could place a malicious...

7.3CVSS7.5AI score0.00735EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.94 views

CVE-2025-21264

Visual Studio Code (VS Code) is affected by CVE-2025-21264, a local vulnerability described as a security feature bypass. The issue permits an unauthorized, local attacker to bypass a security feature due to how VS Code handles files/directories accessible to external parties and trusted domains....

7.1CVSS7.3AI score0.00629EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.93 views

CVE-2021-28477

CVE-2021-28477 is a remote code execution vulnerability affecting Visual Studio Code and related tooling. The connected sources describe it within a batch of Microsoft developer-tools CVEs and note that the April 2021 security update for Visual Studio Code addresses this issue; the Tenable NASL e...

7.8CVSS7.1AI score0.02295EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.92 views

CVE-2021-28471

CVE-2021-28471 is a Remote Development Extension for Visual Studio Code remote code execution vulnerability. The NVD/OSV entries rate it HIGH (CVSS v3.1: LOCAL, LOW/LOCAL, UI REQUIRED, C/H/I/H/A/H). The vulnerability affects Visual Studio Code components and related tools (e.g., Remote Developmen...

7.8CVSS7.8AI score0.04075EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.88 views

CVE-2025-26631

CVE-2025-26631 affects Visual Studio Code and is described as an Uncontrolled search path element that can allow an authorized, local attacker to escalate privileges. Connected sources (e.g., Nessus plugin for Microsoft Visual Studio Code security update) note that the issue affects installations...

7.3CVSS7.2AI score0.00538EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.80 views

CVE-2026-47292

CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...

7.8CVSS5.4AI score0.00368EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.77 views

CVE-2026-41611

Technical details about CVE-2026-41611 are not provided in the supplied documents. No specifics on affected versions, root cause, or remediation are included. Monitor for updates from official sources.

7.8CVSS6AI score0.00421EPSS
CVE
CVE
added 2018/06/26 2:0 p.m.60 views

CVE-2018-0597

CVE-2018-0597 is an untrusted search path vulnerability in the Visual Studio Code installer. A malicious DLL located in the same directory as the installer can be loaded, enabling arbitrary code execution with the privileges of the invoking user. Affected component: the VS Code installer; root ca...

7.8CVSS7.7AI score0.0513EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.29 views

CVE-2026-48569

CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...

7.1CVSS5.4AI score0.0035EPSS
CVE
CVE
added 5 days ago16 views

CVE-2026-57101

Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...

7.1CVSS6.1AI score0.00442EPSS