7737 matches found
GHSA-Q433-J342-RP9H Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary The httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details It’s better to remove both lines, as this information make...
CVE-2026-22708
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002680)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002680 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
MAL-2026-254 Malicious code in hairest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a47476109391081ac326c65a5624df44ba19f7e2597aaeffa47552a053e9773 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in hairest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6a47476109391081ac326c65a5624df44ba19f7e2597aaeffa47552a053e9773 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
CVE-2026-22708
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
EUVD-2026-2678
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
CVE-2026-22708
CVE-2026-22708 affects Cursor (AI-enhanced code editor). Prior to version 2.3, when the Cursor Agent runs in Auto-Run mode with Allowlist enabled, certain shell built-ins can be executed without appearing in the allowlist or requiring user approval. This enables an attacker to perform indirect or...
CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...
UBUNTU-CVE-2025-71138
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpuencoderphyswbsetupctl, but in a single place the check is missing. Also use convenient locals instead of physenc- where availabl...
Malicious code in clipcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fca6ce37489de021bfea975a55751ad244552b7868a4e534f955d30a0efb1770 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-253 Malicious code in clipcord (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fca6ce37489de021bfea975a55751ad244552b7868a4e534f955d30a0efb1770 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-251 Malicious code in soupclaw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d81f6899b3e1e16c0fd74656a7fb8cedfd711e9e68078d85ed95cdb10979e3d1 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in soupclaw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d81f6899b3e1e16c0fd74656a7fb8cedfd711e9e68078d85ed95cdb10979e3d1 Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
GoCD: Information Disclosure via Logback Configuration Injection in GoCD Agent
Summary The GoCD Agent's logging mechanism Logback allows for property substitution and custom configuration loading. By default, the config directory might not exist in the installation path. However, if an attacker creates this directory and places a specially crafted agent-launcher-logback.xml...
PT-2026-2918
Name of the Vulnerable Software and Affected Versions Cursor versions prior to 2.3 Description Cursor is a code editor designed for programming with AI. When the Cursor Agent operates in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can be executed without appearing on the...