CVE Daily
← All tags

Tag: Microsoft Visual Studio

All CVEs associated with "Microsoft Visual Studio". Page 1/3 • 299 CVEs.

About “Microsoft Visual Studio”

A curated feed of “Microsoft Visual Studio”-related CVEs appears below. We currently track 299 CVEs for this tag (all time). In the last 365 days, 35 were published. Average CVSS is 7.4 (all time; 7.1 over 365d), and 75% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-20 - Improper Input Validation, CWE-94 - Improper Control of Generation of Code ('Code Injection').

In our taxonomy this topic maps to a LOW impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: visual-studio

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
18.618.6.2-
18.518.5.3 Expired
18.418.4.4 Expired
18.318.3.3 Expired
18.218.2.2 Expired
18.118.1.1 Expired
18.018.0.2 Expired
17.1417.14.32LTS
17.1317.13.7 Expired
17.1217.12.20 SoonLTS
17.1117.11.6 Expired
17.1017.10.21 ExpiredLTS
17.917.9.7 Expired
17.817.8.23 ExpiredLTS
17.717.7.7 Expired
17.617.6.22 ExpiredLTS
17.517.5.5 Expired
17.417.4.21 ExpiredLTS
17.317.3.7 Expired
17.217.2.23 ExpiredLTS
17.117.1.7 Expired
17.017.0.23 ExpiredLTS
16.1116.11.56
16.1016.10.4 Expired
16.916.9.26 Expired
16.816.8.7 Expired
16.716.7.28 Expired
16.616.6.5 Expired
16.516.5.5 Expired
16.416.4.27 Expired
16.316.3.10 Expired
16.216.2.5 Expired
16.116.1.6 Expired
16.016.0.22 Expired
15.915.9.79
15.815.8.9 Expired
15.715.7.6 Expired
15.615.6.7 Expired
15.515.5.7 Expired
15.415.4.5 Expired
15.315.3.5 Expired
15.215.2.6 Expired
15.115.1.2 Expired
15.015.0.28 Expired
14.0Update 3 + KB3165756 Expired
12.0Update 5 Expired
11.0Update 4 Expired
10.0Service Pack 1 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Microsoft Visual Studio”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-27
Critical

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available…

CVSS: 9.8 CWE: CWE-506 - Embedded Malicious Code View on NVD
2026-05-12
High

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2026-41611

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2026-41610

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVSS: 6.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove…

CVSS: 8.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2026-04-14
High

CVE-2026-33116

Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-32203

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-23653

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

CVSS: 5.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2026-03-16
Low

CVE-2026-32732

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the packa…

CVSS: 0.0 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
2026-02-16
Medium

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace.

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2026-02-10
High

CVE-2026-21523

Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

CVSS: 8.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2026-21518

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a networ…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2026-21257

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

CVSS: 8.0 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2026-21256

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2026-01-20
High

CVE-2025-33229

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Mon…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-12-30
Medium

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

CVSS: 5.4 CWE: N/A View on NVD
2025-11-20
High

CVE-2025-64660

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.

CVSS: 8.0 CWE: CWE-284 - Improper Access Control View on NVD
2025-11-13
Medium

CVE-2025-64710

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potential…

CVSS: 5.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-11-11
Medium

CVE-2025-62453

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.

CVSS: 5.0 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2025-62449

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-62222

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-62214

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

CVSS: 6.7 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-10-14
Medium

CVE-2025-55248

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

CVSS: 4.8 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2025-55240

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-10-03
High

CVE-2025-61590

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to op…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-09-12
High

CVE-2025-55319

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-08-12
High

CVE-2025-53773

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-07-30
Medium

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the V…

CVSS: 4.0 CWE: CWE-506 - Embedded Malicious Code View on NVD
2025-07-08
High

CVE-2025-49739

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVSS: 8.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-501 - Trust Boundary Violation View on NVD
2025-06-13
High

CVE-2025-47959

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVSS: 7.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2025-30399

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVSS: 7.5 CWE: CWE-426 - Untrusted Search Path View on NVD
2025-05-13
High

CVE-2025-26646

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

CVSS: 8.0 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2025-32703

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-32702

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2025-21264

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVSS: 7.1 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2025-04-12
Medium

CVE-2025-32726

Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-29803

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-04-08
High

CVE-2025-29804

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-29802

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-03-11
High

CVE-2025-26631

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-25003

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-24998

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-24070

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CVSS: 7.0 CWE: CWE-1390 - Weak Authentication View on NVD
2025-02-11
High

CVE-2025-24042

Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-24039

Visual Studio Code Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-21206

Visual Studio Installer Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-01-14
High

CVE-2025-21405

Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-21178

Visual Studio Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-21176

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-21172

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-11-12
High

CVE-2024-49050

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-501 - Trust Boundary Violation View on NVD
High

CVE-2024-49049

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-49044

Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-43499

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
Critical

CVE-2024-43498

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2024-10-08
Medium

CVE-2024-43603

Visual Studio Collector Service Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-43601

Visual Studio Code for Linux Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

CVSS: 8.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-43485

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2024-43484

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2024-43483

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2024-38229

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
2024-10-01
High

CVE-2024-9145

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user…

CVSS: 7.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-08-13
High

CVE-2024-38168

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-38167

.NET and Visual Studio Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2024-07-09
High

CVE-2024-38095

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-38081

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-35264

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30105

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-32737

A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-control…

CVSS: 6.3 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2023-32735

A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18…

CVSS: 6.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Aff…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-06-11
Medium

CVE-2024-30052

Visual Studio Remote Code Execution Vulnerability

CVSS: 4.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2024-29060

Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
2024-05-14
Medium

CVE-2024-30046

Visual Studio Denial of Service Vulnerability

CVSS: 5.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2024-30045

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 6.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-04-16
High

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authe…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-04-09
High

CVE-2024-21409

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
2024-03-12
High

CVE-2024-26165

Visual Studio Code Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-256 - Plaintext Storage of a Password View on NVD
High

CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-01-09
High

CVE-2024-20656

Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVSS: 9.1 CWE: CWE-20 - Improper Input Validation View on NVD
2023-12-29
High

CVE-2020-17163

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
2023-11-28
High

CVE-2023-46944

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.

CVSS: 7.8 CWE: N/A View on NVD
2023-11-14
High

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-36042

Visual Studio Denial of Service Vulnerability

CVSS: 6.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36018

Visual Studio Code Jupyter Extension Spoofing Vulnerability

CVSS: 7.8 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
2023-09-12
Medium

CVE-2023-36799

.NET Core and Visual Studio Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-36759

Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-36758

Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36742

Visual Studio Code Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
2023-08-08
High

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-35391

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

CVSS: 6.2 CWE: N/A View on NVD
High

CVE-2023-38178

.NET Core and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-36897

Visual Studio Tools for Office Runtime Spoofing Vulnerability

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-35390

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2023-07-11
High

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-33127

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
2023-06-14
High

CVE-2023-32030

.NET and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2023-33144

Visual Studio Code Spoofing Vulnerability

CVSS: 6.6 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2023-33139

Visual Studio Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-33135

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-33126

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2023-32032

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-05-09
Medium

CVE-2023-29338

Visual Studio Code Spoofing Vulnerability

CVSS: 6.6 CWE: CWE-285 - Improper Authorization View on NVD
2023-04-11
Medium

CVE-2023-28299

Visual Studio Spoofing Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox