3 matches found
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...
CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
PT-2025-40542
Name of the Vulnerable Software and Affected Versions Cursor versions 1.7 and below Description Cursor CLI Agent does not adequately protect its sensitive files, specifically /.cursor/cli.json. This allows attackers to modify the content of these files through prompt injection, potentially leadin...