6573 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-3431
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. CVE-2023-3431 Note that Nessus relies on the presence of the package as report...
MAL-2025-41421 Malicious code in k7eel2-ss (PyPI)
The package downloads and executes an executable from a hardcoded URL. The executable is classified as Trojan and confirmed by 47 top sources. The package downloads malware from https://github.com/deprosinal/legendary-funicular GitHub repo, namely helo.exe --- -= Per source details. Do not edit...
GO-2025-3875 Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence...
Intel® Xeon® 6 Scalable Processors Advisory
Summary: A potential security vulnerability in Intel® Xeon® 6 Scalable processors may allow escalation of privilege. Intel is releasing a microcode update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-22840 Description: Sequence of processor instructions leads t...
GO-2025-3840 Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault
Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault...
GO-2025-3832 OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 in github.com/oauth2-proxy/oauth2-proxy
OAuth2-Proxy's --gitlab-group GitLab Group Authorization config flag stopped working in v7.0.0 in github.com/oauth2-proxy/oauth2-proxy...
GO-2025-3839 Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault...
GO-2025-3838 Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault...
commix
This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...
Cursor <= 1.2.1 RCE (GHSA-4cxx-hrm3-49rm)
The version of Cursor installed on the remote host is 1.2.1 or prior. It is, therefore, affected by a remote code execution vulnerability. An attacker could achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or...
Cursor < 1.2.4 RCE (GHSA-24mc-g4xr-4395)
The version of Cursor installed on the remote host is prior to 1.2.4. It is, therefore, affected by a remote code execution vulnerability. Attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing...
CVE-2025-54136
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
CVE-2025-54136 Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
GO-2025-3827 eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper
eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper...
GO-2025-3818 Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server
Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server...
GO-2025-3819 Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server
Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server...
GO-2025-3792 File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser
File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser...
GO-2025-3794 File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser...
GO-2025-3796 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...