VYPR

Visual Studio

by Microsoft

CVEs (157)

  • CVE-2020-17104Nov 11, 2020
    risk 0.01cvss epss 0.04

    Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

  • CVE-2020-17023Oct 16, 2020
    risk 0.01cvss epss 0.04

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-16881Sep 11, 2020
    risk 0.01cvss epss 0.05

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-16874Sep 11, 2020
    risk 0.01cvss epss 0.04

    A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…

  • CVE-2020-16856Sep 11, 2020
    risk 0.01cvss epss 0.04

    A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…

  • CVE-2020-0604Aug 17, 2020
    risk 0.01cvss epss 0.04

    A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged…

  • CVE-2020-1416Jul 14, 2020
    risk 0.01cvss epss 0.06

    An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

  • CVE-2019-1425Nov 12, 2019
    risk 0.01cvss epss 0.03

    An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.

  • CVE-2019-0657Mar 6, 2019
    risk 0.01cvss epss 0.05

    A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

  • CVE-2019-0728Mar 6, 2019
    risk 0.01cvss epss 0.28

    A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

  • CVE-2019-0613Mar 6, 2019
    risk 0.01cvss epss 0.15

    A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET…

  • CVE-2014-3802May 20, 2014
    risk 0.01cvss epss 0.11

    msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a…

  • CVE-2011-1280Jun 16, 2011
    risk 0.01cvss epss 0.15

    The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote…

  • CVE-2001-0153May 3, 2001
    risk 0.01cvss epss 0.12

    Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.

  • CVE-2000-0162Feb 18, 2000
    risk 0.01cvss epss 0.08

    The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

  • CVE-2025-65716Feb 16, 2026
    risk 0.00cvss epss 0.01

    An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.

  • CVE-2026-21257Feb 10, 2026
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-21523Feb 10, 2026
    risk 0.00cvss epss 0.01

    Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

  • CVE-2026-21518Feb 10, 2026
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2025-64660Nov 20, 2025
    risk 0.00cvss epss 0.00

    Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.

Page 4 of 8