Visual Studio
by Microsoft
CVEs (157)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62453 | 0.00 | — | 0.00 | Nov 11, 2025 | Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-62214 | 0.00 | — | 0.01 | Nov 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. | |||
| CVE-2025-55319 | 0.00 | — | 0.01 | Sep 12, 2025 | Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-49739 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-47959 | 0.00 | — | 0.05 | Jun 13, 2025 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. | |||
| CVE-2025-32702 | 0.00 | — | 0.01 | May 13, 2025 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21264 | 0.00 | — | 0.01 | May 13, 2025 | Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2025-32726 | 0.00 | — | 0.00 | Apr 12, 2025 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-26631 | 0.00 | — | 0.01 | Mar 11, 2025 | Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-24998 | 0.00 | — | 0.00 | Mar 11, 2025 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-24039 | 0.00 | — | 0.01 | Feb 11, 2025 | Visual Studio Code Elevation of Privilege Vulnerability | |||
| CVE-2025-21405 | 0.00 | — | 0.01 | Jan 14, 2025 | Visual Studio Elevation of Privilege Vulnerability | |||
| CVE-2024-49050 | 0.00 | — | 0.01 | Nov 12, 2024 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||
| CVE-2024-49044 | 0.00 | — | 0.01 | Nov 12, 2024 | Visual Studio Elevation of Privilege Vulnerability | |||
| CVE-2024-43488 | 0.00 | — | 0.01 | Oct 8, 2024 | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||
| CVE-2024-26165 | 0.00 | — | 0.02 | Mar 12, 2024 | Visual Studio Code Elevation of Privilege Vulnerability | |||
| CVE-2023-36042 | 0.00 | — | 0.01 | Nov 14, 2023 | Visual Studio Denial of Service Vulnerability | |||
| CVE-2023-36742 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Code Remote Code Execution Vulnerability | |||
| CVE-2023-36758 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Elevation of Privilege Vulnerability | |||
| CVE-2023-32030 | 0.00 | — | 0.02 | Jun 14, 2023 | .NET and Visual Studio Denial of Service Vulnerability |
- CVE-2025-62453Nov 11, 2025risk 0.00cvss —epss 0.00
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
- CVE-2025-62214Nov 11, 2025risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
- CVE-2025-55319Sep 12, 2025risk 0.00cvss —epss 0.01
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
- CVE-2025-49739Jul 8, 2025risk 0.00cvss —epss 0.01
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-47959Jun 13, 2025risk 0.00cvss —epss 0.05
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
- CVE-2025-32702May 13, 2025risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
- CVE-2025-21264May 13, 2025risk 0.00cvss —epss 0.01
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-32726Apr 12, 2025risk 0.00cvss —epss 0.00
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
- CVE-2025-26631Mar 11, 2025risk 0.00cvss —epss 0.01
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
- CVE-2025-24998Mar 11, 2025risk 0.00cvss —epss 0.00
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
- CVE-2025-24039Feb 11, 2025risk 0.00cvss —epss 0.01
Visual Studio Code Elevation of Privilege Vulnerability
- CVE-2025-21405Jan 14, 2025risk 0.00cvss —epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- CVE-2024-49050Nov 12, 2024risk 0.00cvss —epss 0.01
Visual Studio Code Python Extension Remote Code Execution Vulnerability
- CVE-2024-49044Nov 12, 2024risk 0.00cvss —epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- CVE-2024-43488Oct 8, 2024risk 0.00cvss —epss 0.01
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
- CVE-2024-26165Mar 12, 2024risk 0.00cvss —epss 0.02
Visual Studio Code Elevation of Privilege Vulnerability
- CVE-2023-36042Nov 14, 2023risk 0.00cvss —epss 0.01
Visual Studio Denial of Service Vulnerability
- CVE-2023-36742Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Code Remote Code Execution Vulnerability
- CVE-2023-36758Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- CVE-2023-32030Jun 14, 2023risk 0.00cvss —epss 0.02
.NET and Visual Studio Denial of Service Vulnerability
Page 5 of 8