Lucene search
K

1294 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

Cursor < 2.5 RCE (GHSA-8pcm-8jpx-hv8r)

The version of Cursor installed on the remote host is prior to 2.5. It is, therefore, affected by a remote code execution vulnerability: - A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox remote code...

9.9CVSS6.4AI score0.0049EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4465 LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic in github.com/authzed/spicedb

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic in github.com/authzed/spicedb. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

5.6AI score
Exploits0References3
NVD
NVD
added 2026/02/13 5:16 p.m.9 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

9.9CVSS0.0049EPSS
Exploits0References1
CVE
CVE
added 2026/02/13 4:54 p.m.33 views

CVE-2026-26268

CVE-2026-26268 (Cursor) affects Cursor, a code editor with AI features. The bug allows a sandbox escape by writing to improperly protected .git configuration, including git hooks, enabling out-of-sandbox remote code execution when triggered by Git operations. The issue exists in versions prior to...

9.9CVSS5.7AI score0.0049EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/13 4:54 p.m.4 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS6AI score0.0049EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/13 4:54 p.m.34 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS0.0049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 4:54 p.m.5 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS5.7AI score0.0049EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.5 views

Cursor 安全漏洞

Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Versions of Cursor prior to 2.5 contained security vulnerabilities. These vulnerabilities stemmed from a sandbox escape vulnerability that could be exploited by writing to the.git configuration file, potentially...

9.9CVSS6.6AI score0.0049EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/06 10:30 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the Sections component of the Cursor message. An attacker can cause the process to crash by submitting a malformed or tampered cursor token that triggers a panic during parsing. This is only exploitable if the...

5.3CVSS5.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/06 10:30 p.m.9 views

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic

Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...

5.5AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/06 10:30 p.m.2 views

GHSA-VHVQ-FV9F-WH4Q LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic

Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...

5.3CVSS5.6AI score
Exploits0References4
Patchstack
Patchstack
added 2026/02/02 2:53 p.m.9 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS5.3AI score0.00423EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49905)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49905 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb...

5.5CVSS6.7AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : firefox-91.4.0-1.0.1.el7.AXS7 (AXSA:2021-2597:33)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2597:33 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.0202EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : thunderbird-102.5.0-2.el9.ML.1 (AXSA:2023-5045:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5045:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS8.2AI score0.01061EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : firefox-91.4.0-1.el8.ML.1 (AXSA:2022-2971:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2971:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.0202EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-102.5.0-1.el8.ML.1 (AXSA:2023-4657:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4657:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS5.8AI score0.01061EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-102.5.0-2.el8.ML.1 (AXSA:2023-4654:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4654:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS8.5AI score0.01061EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-115.8.0-1.el8_9.ML.1 (AXSA:2024-7560:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7560:09 advisory. Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547...

8.1CVSS8.5AI score0.00937EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2026/01/19 5:15 p.m.2 views

CVE-2026-23883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew frees cursorPixels on failure, then pointerfree calls xfPointerFree and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

9.8CVSS5.6AI score0.00402EPSS
Exploits1
Rows per page
Query Builder