13 matches found
PT-2025-45063
Name of the Vulnerable Software and Affected Versions Cursor versions prior to 2025.09.17-25b418f Description Cursor is a code editor designed for programming with AI. A flaw in the Cursor CLI Beta could allow a remote attacker to execute code. This is possible through the Model Context Protocol...
CVE-2025-54135
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file...
CVE-2025-54131
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...
CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...
CVE-2025-54132
CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...
Cursor 代码问题漏洞
Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...
CVE-2025-49150
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-49150
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2024-45599
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib...
CVE-2024-48919
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...
CVE-2025-32018
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...
CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K
Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...