CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...

@bdogz325/code-push-cli (=2.6.6), @detatsatrio/codepush-cli (>=2.6.6 <=2.6.9) +30 more potentially affected by CVE-2025-59140 via backslash (>=0.1.7 <=0.2.0)

backslash NPM version =0.1.7, =2.6.6, =2.6.1, =2.4.0, =0.0.10, =1.0.0, =1.2.1, =1.6.0-beta, =2.2.0, =2.1.9, =2.1.13 - code-push-standalone =0.0.1 and more Source cves: CVE-2025-59140 Source advisory: OSV:MAL-2025-46968...

CVE-2019-17640

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the...

CVE-2017-7620

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to 1 arbitrary Permalink Injection via CSRF...