1057001 matches found
CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace
Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...
CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace
Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...
CVE-2024-23577
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...
UBUNTU-CVE-2026-11386
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...
UBUNTU-CVE-2026-12391
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload...
Exploit for Path Traversal in Gogs
CVE-2025-8110 — Gogs Arbitrary File Write PoC Proof-of-conc...
CVE-2024-23577
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...
CVE-2024-23577
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...
CVE-2024-23577
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...
CVE-2026-41845
A flaw was found in Spring Framework. Due to incorrect escaping when using JavaScriptUtils.javaScriptEscape, a remote attacker could inject malicious JavaScript code into a user's browser. This could lead to a cross-site scripting XSS vulnerability, allowing the attacker to execute arbitrary...
CVE-2026-41844
A flaw was found in Spring Framework. A Spring MVC or Spring WebFlux application that configures a mapping for "/" without explicitly specifying the view name is vulnerable. An attacker can exploit this by crafting a malicious link, leading to an open redirect. This allows the attacker to redirec...
CVE-2026-41846
A flaw was found in Spring MVC applications, part of the Spring Framework. This vulnerability allows a remote attacker to inject arbitrary HTML or JavaScript code due to improper handling of user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags. Successful...
CVE-2026-41854
A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...
Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords
Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS Amazon Web Services IoT Internet of Things policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A...
Windows-AppResolver-LPE-PoC
Windows AppResolver LPE PoC Proof of concept for an AppResolv...
Exploit for CVE-2026-50454
CVE-2026-50454 SYSTEM Shell PoC Proof of concept for CVE-2026...
jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
An update is available for jackson-modules-base, jackson-databind, jackson-jaxrs-providers, jackson-annotations, jackson-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...