Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code
CVE-2024-8695
CRITICAL CVSS 9.0
Find Similar
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2025-30580
CRITICAL CVSS 10.0
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privil
CVE-2025-5243
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2025-48169
CRITICAL CVSS 9.9
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3.
CVE-2025-28893
CRITICAL CVSS 9.9
Find Similar
Improper Control of Generation of Code ('Code Injection') vulnerability in Govind Visual Text Editor visual-text-editor allows Remote Code Inclusion.This issue affects Visual Text Editor: from n/a thr
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video fi
Page 1+ Next →