
8 matches found

RedhatCVE
added 2025/11/05 11:10 p.m., 4 views

CVE-2025-64109

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

CVSS 8.8, AI score 8.1, EPSS 0.00169
Exploits: 0, References: 1
NVD
added 2025/11/05 12:15 a.m., 1 views

CVE-2025-64109

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

CVSS 8.8, EPSS 0.00169
Exploits: 0, References: 1
Cvelist
added 2025/11/04 11:9 p.m., 3 views

CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

CVSS 8.8, EPSS 0.00169
Exploits: 0, References: 1
CVE
added 2025/11/04 11:9 p.m., 19 views

CVE-2025-64109

Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...

CVSS 8.8, AI score 7.8, EPSS 0.00169
Exploits: 0, References: 1
CVE
added 2025/10/03 5:28 p.m., 12 views

CVE-2025-61593

CVE-2025-61593 affects Cursor, specifically Cursor CLI Agent in Cursor editor versions ≤ 1.7. The vulnerability stems from inadequate protection of sensitive files (e.g., /.cursor/cli.json), allowing an attacker to inject prompts that modify these files, which can lead to remote code execution. ...

CVSS 8.8, AI score 7.8, EPSS 0.00188
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/03 5:28 p.m., 2 views

EUVD-2025-32310

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...

CVSS 7.1, AI score 7.7, EPSS 0.00188
Exploits: 0, References: 1
Cvelist
added 2025/10/03 5:23 p.m., 7 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

CVSS 8.8, EPSS 0.00277
Exploits: 0, References: 1
OSV
added 2025/10/03 5:23 p.m., 4 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

CVSS 8.8, AI score 7.8, EPSS 0.00277
Exploits: 0, References: 3