CVE-2026-47281
Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVSS
9.6
Crítico
EPSS
0.6%
p44
KEV
—
Exploit Today
13
0-100
Publicado: 9 jun 2026 · Última mod.: 9 jul 2026 · CWE-306 · CWE-798 · CWE-862
0.6%EPSS · 30 días0.6%
2026-06-302026-07-17
Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEV—80Langflow Missing Authentication Vulnerability3dCVE-2024-116809.8 CRÍ99.8%
KEV—80ProjectSend Improper Authentication Vulnerability3dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability3dCVE-2026-468179.8 CRÍ60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability2dCVE-2022-245629.8 CRÍ98.9%
——30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.9dCVE-2026-277718.2 ALT98.5%
——30Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.10d