Lucene search
K

849 matches found

Packet Storm
Packet Storm
added 2026/03/23 12:0 a.m.160 views

📄 Cursor IDE MCP Deeplink Remote Code Execution

This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...

8.8CVSS6.2AI score0.07598EPSS
Exploits2
HackRead
HackRead
added 2026/03/19 11:35 a.m.7 views

Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data

Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/17 9:31 p.m.4 views

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3
NVD
NVD
added 2026/03/17 8:16 p.m.3 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/03/17 7:11 p.m.7 views

CVE-2026-4295

CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 7:11 p.m.2 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 7:11 p.m.4 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/17 7:11 p.m.25 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

Kiro IDE 安全漏洞

Kiro IDE is an integrated development environment developed by Kiro in open source. Versions of Kiro IDE prior to 0.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper execution of trust boundaries, which could allow remote, unverified threat actors to execute...

8.5CVSS6.3AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/02/16 4:30 p.m.5 views

BIT-GITLAB-2025-7659 Origin Validation Error in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

9.1CVSS5.6AI score0.00182EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.6 views

CVE-2025-7659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

9.1CVSS5.5AI score0.00182EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.8 views

GitLab 18.2 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-7659)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal token...

9.1CVSS6AI score0.00182EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-7659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowe...

9.1CVSS5.9AI score0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/02/11 12:16 p.m.5 views

CVE-2025-7659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

9.1CVSS0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/02/11 12:16 p.m.3 views

UBUNTU-CVE-2025-7659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

9.1CVSS5.8AI score0.00182EPSS
Exploits0References5
CVE
CVE
added 2026/02/11 11:35 a.m.21 views

CVE-2025-7659

GitLab CE/EE vulnerable in versions 18.2–18.6.5, 18.7–18.7.3, and 18.8–18.8.3 (affected by CVE-2025-7659) due to incomplete validation in the Web IDE. An unauthenticated attacker could steal tokens and access private repositories. The issue is addressed in GitLab patch releases: 18.6.6, 18.7.4, a...

9.1CVSS5.5AI score0.00182EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/11 11:35 a.m.29 views

CVE-2025-7659 Origin Validation Error in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

8CVSS0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 11:35 a.m.2 views

CVE-2025-7659 Origin Validation Error in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

8CVSS5.5AI score0.00182EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 11:35 a.m.4 views

CVE-2025-7659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

8CVSS5.5AI score0.00182EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/11 11:35 a.m.4 views

CVE-2025-7659 Origin Validation Error in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

8CVSS5.5AI score0.00182EPSS
Exploits0References6
Rows per page
Query Builder