Lucene search

166 matches found

Cvelist
added 2025/07/24 9:22 a.m. · 4 views

CVE-2025-7835 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update

The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughtsaceupdateoptions' AJAX action. This makes it possible for unauthenticated attacke...

CVSS 4.3 · EPSS 0.00046
Exploits 0 · References 2

Positive Technologies
added 2025/07/24 12:0 a.m. · 0 views

PT-2025-30658 · WordPress · Ithoughts Advanced Code Editor

Name of the Vulnerable Software and Affected Versions: iThoughts Advanced Code Editor plugin for WordPress versions through 1.2.10
Description: The iThoughts Advanced Code Editor plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the...

CVSS 4.3 · AI score 6.5 · EPSS 0.00046
Exploits 0 · References 2

RedhatCVE
added 2025/06/13 6:15 p.m. · 2 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · AI score 5.8 · EPSS 0.00196
Exploits 0 · References 1

NVD
added 2025/06/11 6:15 p.m. · 9 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · EPSS 0.00196
Exploits 0 · References 1

Vulnrichment
added 2025/06/11 5:49 p.m. · 6 views

CVE-2025-49150 Cursor Agent Potentially Leaks Information using JSON schema

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 · AI score 7.5 · EPSS 0.00196
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:6 a.m. · 2 views

CVE-2024-45599

Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib...

CVSS 3.8 · AI score 7.6 · EPSS 0.00026
Exploits 0

RedhatCVE
added 2025/05/23 7:31 a.m. · 2 views

CVE-2024-48919

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2 · AI score 7.4 · EPSS 0.00314
Exploits 0

CNNVD
added 2025/05/13 12:0 a.m. · 1 views

Microsoft Visual Studio Code security vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A security vulnerability exists in Microsoft Visual Studio Code. An attacker exploiting the vulnerability can bypass certain features...

CVSS 7.1 · AI score 8.4 · EPSS 0.00859
Exploits 0 · References 2

NVD
added 2025/04/08 4:15 p.m. · 7 views

CVE-2025-32018

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 · EPSS 0.00258
Exploits 0 · References 1

CNNVD
added 2025/02/07 12:0 a.m. · 1 views

GitLab gitlab-vscode-extension cross-site scripting vulnerability

GitLab gitlab-vscode-extension is a VSCode code editor extension for Gitlab from GitLab USA. A cross-site scripting vulnerability exists in GitLab gitlab-vscode-extension. An attacker can exploit this vulnerability to perform a cross-site scripting attack...

CVSS 8.7 · AI score 6.1 · EPSS 0.00431
Exploits 0 · References 3

RedhatCVE
added 2025/02/05 8:59 p.m. · 4 views

CVE-2022-46154

Kodexplorer is a Chinese-language, web-based file manager and browser-based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users...

CVSS 8.6 · AI score 7.1 · EPSS 0.02641
Exploits 0 · References 1

Redos
added 2025/01/17 12:0 a.m. · 10 views

ROS-20250117-04

This vulnerability in the Visual Studio Code source code editor stems from a failure to neutralize special elements used in an operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.8 · EPSS 0.00522
Exploits 0

NVD
added 2024/10/22 9:15 p.m. · 11 views

CVE-2024-48919

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2 · EPSS 0.00314
Exploits 0 · References 1

Vulnrichment
added 2024/10/22 8:58 p.m. · 10 views

CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2 · AI score 7.8 · EPSS 0.00314
Exploits 0 · References 1

CVE
added 2024/10/22 8:58 p.m. · 40 views

CVE-2024-48919

CVE-2024-48919 affects Cursor, an AI-assisted code editor. Prior to 2024-09-27, if a user imported a malicious webpage into Cursor’s Terminal Cmd-K, an attacker controlling that page could influence a language model to emit arbitrary terminal commands when the user opts to include the page conten...

CVSS 9.2 · AI score 7.4 · EPSS 0.00314
Exploits 0 · References 1

OSV
added 2024/10/15 12:15 a.m. · 1 views

CVE-2024-9546

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

CVSS 5.3 · AI score 5.9 · EPSS 0.01259
Exploits 0 · References 2

NVD
added 2024/10/15 12:15 a.m. · 12 views

CVE-2024-9546

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for...

CVSS 5.3 · EPSS 0.01259
Exploits 0 · References 2

Patchstack
added 2024/10/14 12:0 a.m. · 10 views

WordPress WPIDE – File Manager & Code Editor Plugin <= 3.4.9 is vulnerable to Full Path Disclosure (FPD)

Software: WPIDE – File Manager & Code Editor; Type: Plugin; Vulnerable versions: <= 3.4.9; Fixed in: 3.5.0; OWASP Top 10: A5: Security Misconfiguration; Classification: Full Path Disclosure (FPD); CVE: CVE-2024-9546; Patch priority: Low; CVSS severity: Low (5.3); PSID: 611d26fe2e96; Credits: TANG...

CVSS 5.3 · AI score 6.6 · EPSS 0.01259
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/09/25 1:15 a.m. · 6 views

CVE-2024-45599

Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib...

CVSS 3.8 · EPSS 0.00026
Exploits 0 · References 1

AlmaLinux
added 2024/09/24 12:0 a.m. · 51 views

Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fixes: emacs: Gnus treats inline MIME contents as trusted (CVE-2024-30203); emacs: Org mode considers...

CVSS 9.8 · AI score 7.1 · EPSS 0.00441
Exploits 0 · References 8