146 matches found
Malicious code in @bcs-bank-complex-ui/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4840 Malicious code in @bcs-bank-complex-ui/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2682 Malicious code in @athena-ui-components/deeplink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74fbec503fca2e61a016a70e66269c234d5329e19a1072a7f777c59fc4d466c The package @athena-ui-components/deeplink was found to contain malicious code. Source: ossf-package-analysis...
📄 Cursor IDE MCP Deeplink Remote Code Execution
This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...
CVE-2026-23523
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
CVE-2026-23523
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
CVE-2026-23523
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
EUVD-2026-3125
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...
GHSA-RJ5C-58RQ-J5G5 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...
EUVD-2020-4222
Malware in sbrugna...
EUVD-2019-18524
Malware in sbrugna...
EUVD-2021-12250
Malware in sbrugna...
EUVD-2021-12417
Malware in sbrugna...
EUVD-2023-25682
Malicious code in bioql PyPI...
EUVD-2022-50515
Malicious code in bioql PyPI...
EUVD-2023-2174
Malicious code in bioql PyPI...
EUVD-2022-52547
Malicious code in bioql PyPI...
EUVD-2023-59297
Malicious code in bioql PyPI...
EUVD-2025-23406
Malicious code in bioql PyPI...