53 matches found
Cursor < 2.5 RCE (GHSA-8pcm-8jpx-hv8r)
The version of Cursor installed on the remote host is prior to 2.5. It is, therefore, affected by a remote code execution vulnerability: a malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox remote code...
CVE-2026-26268
creationtimestamp| type| source
---|---|---
2026-02-13 17:54:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mer3ai5fiw23
2026-04-29 11:50:19+00:00| seen| https://bsky.app/profile/eyalestrin.bsky.social/post/3mkmztuqow32z
2026-04-30 04:45:12+00:00| seen|...
CVE-2026-26268
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...
CVE-2022-26268
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php...
CVE-2025-8645
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2020-26268
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked...
CVE-2025-26268
creationtimestamp| type| source
---|---|---
2025-04-17 17:57:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12293
2025-04-17 18:54:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmzrqzkuas2b
2025-04-17 23:01:11+00:00| seen|...
CVE-2025-26268
DragonflyDB pre-1.27.0 is affected. Authenticated users can trigger a denial of service (daemon crash) by sending a crafted Redis command, caused by the scan cursor validity check being missing. Affected: DragonflyDB Dragonfly versions prior to 1.27.0. Remediation: upgrade to 1.27.0 or later (or ...
CVE-2024-26268
The CVE-2024-26268 issue is a user enumeration vulnerability in Liferay Portal (7.2.0–7.4.3.26) and older unsupported versions, and in Liferay DXP 7.4 before update 27, 7.3 before update 8, and 7.2 before fix pack 20. The root cause is that an attacker can infer whether an account exists by measu...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]
Summary: Apache CouchDB is used by IBM App Connect Enterprise Certified Container for storing flows and data used by the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268
Summary: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 with details below. Vulnerability Details: CVEID: CVE-2023-26268 DESCRIPTION: Apache CouchDB could allow a remote authenticated attacker to obtain sensitive...
Apache CouchDB <= 3.2.2, 3.3.x <= 3.3.1 Information Disclosure Vulnerability - Windows
Apache CouchDB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache CouchDB <= 3.2.2, 3.3.x <= 3.3.1 Information Disclosure Vulnerability - Linux
Apache CouchDB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-26268
creationtimestamp| type| source
---|---|---
2023-05-07 02:30:57+00:00| seen| https://t.me/cibsecurity/63183...
SUSE CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validate_doc_update, list, filter, filter views (using view functions as filters), rewrite, update. This doesn't affect map/reduce or searc...