
11 matches found

RedhatCVE
added 2026/01/15 5:22 p.m., 6 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.8, AI score 7.4, EPSS 0.00537
Exploits: 0, References: 1
NVD
added 2026/01/14 5:16 p.m., 10 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.8, EPSS 0.00537
Exploits: 0, References: 1
EUVD
added 2026/01/14 4:43 p.m., 4 views

EUVD-2026-2678

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.2, AI score 6.8, EPSS 0.00537
Exploits: 0, References: 1
Cvelist
added 2026/01/14 4:43 p.m., 22 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.2, EPSS 0.00537
Exploits: 0, References: 1
OSV
added 2026/01/14 4:43 p.m., 20 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.2, AI score 5.8, EPSS 0.00537
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/14 4:43 p.m., 4 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

CVSS 9.8, AI score 5.7, EPSS 0.00537
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/01/14 4:43 p.m., 49 views

CVE-2026-22708

CVE-2026-22708 affects Cursor (AI-enhanced code editor). Prior to version 2.3, when the Cursor Agent runs in Auto-Run mode with Allowlist enabled, certain shell built-ins can be executed without appearing in the allowlist or requiring user approval. This enables an attacker to perform indirect or...

CVSS 9.8, AI score 7, EPSS 0.00537
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/01/14 12:0 a.m., 10 views

PT-2026-2918

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.3. Description: Cursor is a code editor designed for programming with AI. When the Cursor Agent operates in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can be executed without appearing on the...

CVSS 9.8, AI score 6.7, EPSS 0.00537
Exploits: 0, References: 16
NVD
added 2025/08/01 11:15 p.m., 7 views

CVE-2025-54131

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 8.8, EPSS 0.0048
Exploits: 0, References: 1
OSV
added 2025/08/01 11:5 p.m., 4 views

CVE-2025-54131 Cursor bypasses its allow list to execute arbitrary commands

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 6.4, AI score 7.8, EPSS 0.0048
Exploits: 0, References: 3
OSV
added 2019/07/19 7:15 a.m., 3 views

CVE-2019-13971

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...

CVSS 6.1, AI score 6.3, EPSS 0.00848
Exploits: 1, References: 1