29708 matches found
GHSA-PWHC-RPQ9-4C8W vulnerabilities
Vulnerabilities for packages: trivy, opa-envoy, helm-set-status, neuvector-scanner, docker, kube-arangodb, rancher-fleet, ctop, xeol, grype, k3s, syft, zot, zarf, manifest-tool, nerdctl, kargo, kubescape-operator, cert-manager-cmctl, kubevela, gatekeeper, rancher-agent, k9s, rancher-helm,...
Fedora 41 : golang-github-openprinting-ipp-usb (2025-9d12a32bce)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9d12a32bce advisory. Rebuild with the latest golang in repos. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
GHSA-M6HQ-P25P-FFR2 vulnerabilities
Vulnerabilities for packages: rancher-fleet-fips, kube-arangodb-fips, apm-server-fips, helm-diff-fips, chainctl, k8ssandra-client, gitlab-operator-fips, grype, kargo, opa-envoy, helm-operator, kube-arangodb, falco-no-driver, osv-scanner, headlamp, skaffold-fips, docker-cli-buildx-fips,...
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...
CVE-2025-61299
creationtimestamp | type | source
---|---|---
2025-11-07 05:43:37+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/58649
2025-11-07 09:00:04+00:00 | published-proof-of-concept | Telegram/rxBXc7mJGGU5sBhvwkQkmojEU4Xu3I8--yJupvnllAH1D4...
EUVD-2025-8630
archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user from feeding a specially crafted archive to the library, causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the...
BIT-MASTODON-2022-2166 Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0...
CVE-2025-64109
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
GO-2025-4088 sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls
sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls...
GO-2025-4020 DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode
DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode...
GO-2025-4002 Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd...
GO-2025-4005 Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd...
GHSA-QW9X-CQR3-WC7R
creationtimestamp | type | source
---|---|---
2025-11-05 14:59:52+00:00 | seen | https://mstdn.social/users/jschauma/statuses/115497683553103053
2025-11-06 20:51:33+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115504728778207295...
CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...
PT-2025-45063
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2025.09.17-25b418f. Description: Cursor is a code editor designed for programming with AI. A flaw in the Cursor CLI Beta could allow a remote attacker to execute code. This is possible through the Model Context Protocol...
Detecting Vulnerabilities from Issue Reports for Internet-Of-Things
Timely identification of issue reports reflecting software vulnerabilities is crucial, particularly for Internet-of-Things (IoT) where analysis is slower than non-IoT systems. While Machine Learning (ML) and Large Language Models (LLMs) detect vulnerability-indicating issues in non-IoT systems, their I...
Astra Linux - vulnerability in vim
Use After Free in GitHub repository vim/vim prior to 8.2...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...
GO-2025-4044 NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector
NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector...