166 matches found

RedhatCVE
added 2025/08/07 12:31 a.m. · 3 views

CVE-2025-54130

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...

CVSS 9.8 · AI score 6.6 · EPSS 0.00243
Exploits: 0 · References: 1

NVD
added 2025/08/05 1:15 a.m. · 3 views

CVE-2025-54130

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...

CVSS 9.8 · EPSS 0.00243
Exploits: 0 · References: 1

Cvelist
added 2025/08/05 12:12 a.m. · 4 views

CVE-2025-54130 Cursor Agent is vulnerable to prompt injection via Editor Special Files

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...

CVSS 7.5 · EPSS 0.00243
Exploits: 0 · References: 1

CNNVD
added 2025/08/05 12:0 a.m. · 1 views

Cursor Security Vulnerability

Cursor is an AI code editor from Cursor Open Source. A security vulnerability exists in Cursor versions prior to 1.3.9 that stems from allowing unapproved user writes to workspace files, which could lead to remote code execution...

CVSS 9.8 · AI score 7.9 · EPSS 0.00372
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/05 12:0 a.m. · 3 views

PT-2025-31883 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3.9 Description: Cursor, a code editor built for programming with AI, allows writing in-workspace files without user approval in affected versions. Specifically, creating new dotfiles does not require approval, whil...

CVSS 9.8 · AI score 7.5 · EPSS 0.00243
Exploits: 0 · References: 6

Vulnrichment
added 2025/08/04 5:2 p.m. · 2 views

CVE-2025-8518 givanz Vvveb Code Editor code.php save code injection

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has bee...

CVSS 5.8 · AI score 8 · EPSS 0.37891
Exploits: 6 · References: 7

Cvelist
added 2025/08/04 5:2 p.m. · 8 views

CVE-2025-8518 givanz Vvveb Code Editor code.php save code injection

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has bee...

CVSS 5.8 · EPSS 0.37891
Exploits: 6 · References: 7

RedhatCVE
added 2025/08/04 9:33 a.m. · 2 views

CVE-2025-54132

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

CVSS 7.5 · AI score 7.3 · EPSS 0.00198
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/04 9:33 a.m. · 2 views

CVE-2025-54131

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 8.8 · AI score 8.3 · EPSS 0.00259
Exploits: 0 · References: 1

NVD
added 2025/08/01 11:15 p.m. · 3 views

CVE-2025-54131

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 8.8 · EPSS 0.00259
Exploits: 0 · References: 1

NVD
added 2025/08/01 11:15 p.m. · 5 views

CVE-2025-54132

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

CVSS 7.5 · EPSS 0.00198
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/01 11:7 p.m. · 3 views

CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...

CVSS 5.3 · AI score 6.9 · EPSS 0.00266
Exploits: 0 · References: 1

CVE
added 2025/08/01 11:5 p.m. · 19 views

CVE-2025-54132

CVE-2025-54132 affects Cursor’s Mermaid-based diagram tool prior to version 1.3. An attacker can trigger prompt injections to cause Mermaid-rendered images to fetch data to a remote attacker-controlled server, enabling exfiltration of sensitive information. The issue is fixed in version 1.3; upgr...

CVSS 7.5 · AI score 7.3 · EPSS 0.00198
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2025/08/01 11:5 p.m. · 14 views

CVE-2025-54131

Cursor before v1.3 is vulnerable: an attacker can bypass the auto-run allow list using a backtick (`) or $(cmd) to execute arbitrary commands outside the allowlist, especially if the user has switched to an allowlist setting. The issue can be triggered via indirect prompt injection and is fixed i...

CVSS 8.8 · AI score 8.2 · EPSS 0.00259
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/08/01 11:5 p.m. · 4 views

CVE-2025-54131 Cursor bypasses its allow list to execute arbitrary commands

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 6.4 · AI score 8.2 · EPSS 0.00259
Exploits: 0 · References: 1

Circl
added 2025/08/01 1:31 p.m. · 26 views

CVE-2025-54135

creationtimestamp | type | source
---|---|---
2025-08-01 13:31:00+00:00 | seen | https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html
2025-08-01 15:45:09+00:00 | published-proof-of-concept | https://t.me/thehackernews/7272
2025-08-01 18:23:18+00:00 | seen |...

CVSS 9.8 · AI score 6 · EPSS 0.00372
Exploits: 0 · References: 16

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-31700

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 1.3 Description Cursor is a code editor built for programming with AI. Versions prior to 1.3 allow embedding images through Mermaid, a diagram rendering tool. This can be exploited to exfiltrate sensitive information t...

CVSS 7.5 · AI score 6.9 · EPSS 0.00198
Exploits: 0 · References: 9

CNNVD
added 2025/08/01 12:0 a.m. · 1 views

Cursor Code Issue Vulnerability

Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...

CVSS 7.5 · AI score 8.9 · EPSS 0.00198
Exploits: 0 · References: 4

Positive Technologies
added 2025/08/01 12:0 a.m. · 3 views

PT-2025-31699 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 1.3 Description: Cursor, a code editor built for programming with AI, allows an attacker to bypass the allow list in auto-run mode using a backtick or $cmd. This bypass enables arbitrary command execution outside of t...

CVSS 8.8 · AI score 7.8 · EPSS 0.00259
Exploits: 0 · References: 5

CNVD
added 2025/07/30 12:0 a.m. · 1 views

WordPress iThoughts Advanced Code Editor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress iThoughts Advanced Code Editor, which stems from missing or incorrect random number validation, and can be...

CVSS 4.3 · AI score 6.8 · EPSS 0.00046
Exploits: 0 · References: 1