15202 matches found

NVD
added 2026/02/13 5:16 p.m., 4 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 9.9, EPSS 0.00022
Exploits 0, References 1

OSV
added 2026/02/13 4:54 p.m., 2 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8, AI score 6, EPSS 0.00022
Exploits 0, References 3

CVE
added 2026/02/13 4:54 p.m., 20 views

CVE-2026-26268

Cursor code editor contains a sandbox-escape vulnerability: prior to v2.5, a malicious agent could write to protected .git settings (including hooks), enabling out-of-sandbox RCE on next trigger without user interaction. Affected versions are before 2.5; fix is in 2.5. CVSSv3.1 metrics indicate h...

CVSS 9.9, AI score 5.7, EPSS 0.00022
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/02/13 4:54 p.m., 27 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8, EPSS 0.00022
Exploits 0, References 1

Vulnrichment
added 2026/02/13 4:54 p.m., 3 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (i.e. prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8, AI score 5.7, EPSS 0.00022
Exploits 0, References 1

Packet Storm
added 2026/02/13 12:0 a.m., 122 views

📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

AI score 5.6
Exploits 0

CNNVD
added 2026/02/13 12:0 a.m., 2 views

Cursor Security Vulnerability

Cursor is an AI-powered intelligent code editor developed by Cursor Open Source. Versions of Cursor prior to 2.5 contained security vulnerabilities. These vulnerabilities stemmed from a sandbox escape vulnerability that could be exploited by writing to the .git configuration file, potentially...

CVSS 9.9, AI score 6.6, EPSS 0.00022
Exploits 0, References 1

RedhatCVE
added 2026/02/12 1:43 p.m., 5 views

CVE-2026-1827

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.7, EPSS 0.00016
Exploits 0, References 1

OSV
added 2026/02/12 8:51 a.m., 4 views

BIT-MOODLE-2025-67850 Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVSS 7.3, AI score 5.7, EPSS 0.00012
Exploits 0, References 3

RedhatCVE
added 2026/02/12 7:33 a.m., 5 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

CVSS 8.8, AI score 5.5, EPSS 0.00071
Exploits 0, References 1

OSV
added 2026/02/11 9:16 p.m., 2 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

CVSS 8.8, AI score 5.8, EPSS 0.00071
Exploits 0, References 2

RedhatCVE
added 2026/02/11 7:45 p.m., 4 views

CVE-2026-25805

Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used withou...

CVSS 8, AI score 5.6, EPSS 0.00095
Exploits 1, References 1

NVD
added 2026/02/11 9:15 a.m., 8 views

CVE-2026-1827

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00016
Exploits 0, References 3

NVD
added 2026/02/11 9:15 a.m., 4 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS 4.4, EPSS 0.00013
Exploits 0, References 3

ATTACKERKB
added 2026/02/11 8:26 a.m., 5 views

CVE-2026-1827

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.7, EPSS 0.00016
Exploits 0, References 4

Vulnrichment
added 2026/02/11 8:26 a.m., 4 views

CVE-2026-1827 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute

The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00016
Exploits 0, References 3

CVE
added 2026/02/11 8:26 a.m., 13 views

CVE-2026-1827

CVE-2026-1827 — The IDE Micro code-editor WordPress plugin (flask-micro) versions ≤ 1.0.0 is vulnerable to Stored Cross-Site Scripting via the codeflask shortcode, due to insufficient input sanitization and output escaping on the shortcode attributes (notably the title attribute). Impact: authent...

CVSS 6.4, AI score 5.8, EPSS 0.00016
Exploits 0, References 3

Vulnrichment
added 2026/02/11 8:26 a.m., 2 views

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS 4.4, AI score 5.7, EPSS 0.00013
Exploits 0, References 3

RedhatCVE
added 2026/02/11 7:30 a.m., 4 views

CVE-2026-0488

An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...

CVSS 9.9, AI score 6.1, EPSS 0.00026
Exploits 0, References 1

Fedora
added 2026/02/11 1:0 a.m., 5 views

[SECURITY] Fedora 42 Update: sad-0.4.32-4.fc42

Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...

CVSS 7.5, AI score 5.5, EPSS 0.00042
Exploits 1