Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/03 12:19 a.m.6 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9CVSS9.7AI score0.00759EPSS
Exploits0References1
Circl
Circl
added 2025/03/01 6:27 a.m.5 views

CVE-2025-27554

creationtimestamp| type| source ---|---|--- 2025-03-01 06:27:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6052 2025-03-01 07:48:16+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114086071203267834 2025-03-01 08:00:33+00:00|...

9.9CVSS5.8AI score0.00759EPSS
Exploits0References4
NVD
NVD
added 2025/03/01 6:15 a.m.9 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9CVSS0.00759EPSS
Exploits0References3
CVE
CVE
added 2025/03/01 12:0 a.m.74 views

CVE-2025-27554

CVE-2025-27554 affects ToDesktop builds prior to 2024-10-03 where a postinstall script in package.json can be abused to execute arbitrary commands on the build server (e.g., reading secrets from the desktopify config.prod.json) and deploy updates to any app. Multiple sources note no exploitation ...

9.9CVSS7.8AI score0.00759EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/01 12:0 a.m.4 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9CVSS9.7AI score0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/01 12:0 a.m.12 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9CVSS0.00759EPSS
Exploits0References3
Rows per page
Query Builder