- EPSS 0.6%
- Veröffentlicht 12.05.2026 16:58:55
- Zuletzt bearbeitet 15.05.2026 15:11:18
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41109
- EPSS 0.86%
- Veröffentlicht 12.05.2026 16:58:55
- Zuletzt bearbeitet 15.05.2026 15:27:35
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-32203
- EPSS 1.55%
- Veröffentlicht 14.04.2026 16:58:38
- Zuletzt bearbeitet 30.06.2026 03:18:29
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-32178
- EPSS 2.28%
- Veröffentlicht 14.04.2026 16:57:31
- Zuletzt bearbeitet 30.06.2026 03:18:29
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- EPSS 0.79%
- Veröffentlicht 10.02.2026 18:16:34
- Zuletzt bearbeitet 11.02.2026 21:41:36
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21518
- EPSS 1.36%
- Veröffentlicht 10.02.2026 18:16:34
- Zuletzt bearbeitet 23.02.2026 17:23:27
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
- EPSS 0.85%
- Veröffentlicht 10.02.2026 18:16:27
- Zuletzt bearbeitet 11.02.2026 19:47:12
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVE-2026-21256
- EPSS 1.1%
- Veröffentlicht 10.02.2026 18:16:27
- Zuletzt bearbeitet 11.02.2026 21:37:01
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
- EPSS 0.49%
- Veröffentlicht 20.11.2025 22:18:57
- Zuletzt bearbeitet 26.11.2025 00:15:50
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
- EPSS 0.41%
- Veröffentlicht 11.11.2025 18:15:50
- Zuletzt bearbeitet 14.11.2025 15:30:40
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.