Lucene search
K

1292 matches found

Cvelist
Cvelist
added 2026/02/13 4:54 p.m.34 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS0.0049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 4:54 p.m.5 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

8CVSS5.7AI score0.0049EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.5 views

Cursor 安全漏洞

Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Versions of Cursor prior to 2.5 contained security vulnerabilities. These vulnerabilities stemmed from a sandbox escape vulnerability that could be exploited by writing to the.git configuration file, potentially...

9.9CVSS6.6AI score0.0049EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 10:30 p.m.2 views

GHSA-VHVQ-FV9F-WH4Q LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic

Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...

5.3CVSS5.6AI score
Exploits0References4
Snyk
Snyk
added 2026/02/06 10:30 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the Sections component of the Cursor message. An attacker can cause the process to crash by submitting a malformed or tampered cursor token that triggers a panic during parsing. This is only exploitable if the...

5.3CVSS5.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/06 10:30 p.m.7 views

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic

Description A malformed or tampered-with LookupResources Cursor token can cause a panic in the SpiceDB process if it fails to parse. If an attacker were able to make requests to a SpiceDB instance, they could affect its availability. Reproduction If one was to take a cursor from a LookupResources...

5.5AI score
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/02/02 2:53 p.m.9 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS5.3AI score0.00423EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49905)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49905 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb...

5.5CVSS6.7AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-115.8.0-1.el8_9.ML.1 (AXSA:2024-7560:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7560:09 advisory. Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547...

8.1CVSS8.5AI score0.00937EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : firefox-91.4.0-1.el8.ML.1 (AXSA:2022-2971:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2971:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.0202EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : thunderbird-102.5.0-2.el9.ML.1 (AXSA:2023-5045:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5045:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS8.2AI score0.01061EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : firefox-91.4.0-1.0.1.el7.AXS7 (AXSA:2021-2597:33)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2597:33 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.0202EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-102.5.0-2.el8.ML.1 (AXSA:2023-4654:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4654:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS8.5AI score0.01061EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-102.5.0-1.el8.ML.1 (AXSA:2023-4657:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4657:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

9.8CVSS5.8AI score0.01061EPSS
Exploits0References14
AlpineLinux
AlpineLinux
added 2026/01/19 5:15 p.m.2 views

CVE-2026-23883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew frees cursorPixels on failure, then pointerfree calls xfPointerFree and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

9.8CVSS5.6AI score0.00402EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

MiracleLinux 7 : tigervnc-1.3.1-3.el7 (AXSA:2015-910:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-910:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it ...

9.8CVSS6.6AI score0.08272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/15 5:22 p.m.6 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.8CVSS7.4AI score0.00537EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 5:16 p.m.10 views

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.8CVSS0.00537EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 4:43 p.m.20 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.2CVSS5.8AI score0.00537EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 4:43 p.m.23 views

CVE-2026-22708 Cursor has a Terminal Tool Allowlist Bypass via Environment Variables

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval. This allows an attacker via...

9.2CVSS0.00537EPSS
Exploits0References1
Rows per page
Query Builder