15898 matches found

Vulnrichment
added 2025/11/04 10:58 p.m., 5 views

CVE-2025-64108 Cursor's Sensitive File Modification can Lead to NTFS Path Quirks

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected fil...

CVSS 8.8 | AI score 6.8 | EPSS 0.00404
Exploits: 0 | References: 1

CVE
added 2025/11/04 10:58 p.m., 13 views

CVE-2025-64108

Cursor is an AI-assisted code editor with a vulnerability in versions 1.7.44 and below. The issue arises from NTFS path quirks that permit a prompt-injection attacker to bypass file protections and overwrite files that normally require human approval. Modifications to protected files can lead to ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00404
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/11/04 10:51 p.m., 7 views

CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...

CVSS 8.8 | EPSS 0.00311
Exploits: 0 | References: 1

OSV
added 2025/11/04 10:51 p.m., 5 views

CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...

CVSS 8.8 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/04 10:51 p.m., 4 views

CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...

CVSS 8.8 | AI score 6.7 | EPSS 0.00311
Exploits: 0 | References: 1

CVE
added 2025/11/04 10:51 p.m., 14 views

CVE-2025-64107

CVE-2025-64107 affects Cursor (open-source AI code editor). Versions 1.7.52 and earlier are vulnerable to path manipulation allowing RCE on Windows due to incomplete detection of backslash-based path operations, unlike the forward-slash checks that require approval. An attacker with prior control...

CVSS 8.8 | AI score 6.7 | EPSS 0.00311
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/04 12:0 a.m., 5 views

PT-2025-45062

Name of the Vulnerable Software and Affected Versions: Cursor versions 1.7.44 and below. Description: Cursor, a code editor for programming with AI, has an issue where NTFS path quirks can be exploited by an attacker to bypass file protections and overwrite files that normally require user...

CVSS 8.8 | AI score 7.6 | EPSS 0.00404
Exploits: 0 | References: 4

OSV
added 2025/11/03 3:23 p.m., 4 views

JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

CVSS 4.1 | AI score 6.9 | EPSS 0.00433
Exploits: 1 | References: 6

AstraLinux
added 2025/11/01 10:54 a.m., 6 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, there was a format string bug vulnerability in the InterpretImageFilename function, where user input was directly passed to FormatLocaleString withou...

CVSS 8.8 | AI score 7.7 | EPSS 0.04098
Exploits: 1 | References: 3

AstraLinux
added 2025/11/01 10:54 a.m., 5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevented possible heap overwriting. In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send(), cm_chan_msg_send() checks that the user space did not send too much data. However, riocm_ch_send() failed to check...

CVSS 5.5 | AI score 6.2 | EPSS 0.0015
Exploits: 0 | References: 3

CVE
added 2025/10/31 6:31 p.m., 9 views

CVE-2025-64348

CVE-2025-64348 affects ELOG (ELOG

CVSS 9.3 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/30 12:31 p.m., 4 views

EUVD-2025-36995

Apache Airflow's create action can upsert existing Pools/Connections/Variables...

CVSS 4.6 | AI score 6.4 | EPSS 0.00341
Exploits: 0 | References: 5

Snyk
added 2025/10/30 12:31 p.m., 2 views

Execution with Unnecessary Privileges

Overview: Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the bulk create API with the overwrite action. An attacker can modify existing records by submitting crafted requests with only CREATE privileges. Remediation: Upgrade apache-airflow-core to...

CVSS 5.4 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 2

OSV
added 2025/10/30 12:31 p.m., 2 views

GHSA-GP5F-CX7H-8Q6F Apache Airflow's create action can upsert existing Pools/Connections/Variables

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 | AI score 5.8 | EPSS 0.00341
Exploits: 0 | References: 4

Github Security Blog
added 2025/10/30 12:31 p.m., 8 views

Apache Airflow's create action can upsert existing Pools/Connections/Variables

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/10/30 10:15 a.m., 5 views

CVE-2025-62503

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 | EPSS 0.00341
Exploits: 0 | References: 2

OSV
added 2025/10/30 10:15 a.m., 4 views

CVE-2025-62503

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

CVSS 4.6 | AI score 7.1
Exploits: 0 | References: 2

CVE
added 2025/10/30 9:11 a.m., 20 views

CVE-2025-62503

CVE-2025-62503 – Apache Airflow: Privilege boundary bypass in bulk APIs allows a user with CREATE (but not UPDATE) for Pools, Connections, and Variables to update existing records via the bulk create API with an overwrite action. Multiple sources (BIT-AIRFLOW-2025-62503, EUVD, Red Hat/CISA refere...

CVSS 4.6 | AI score 6.6 | EPSS 0.00341
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/30 9:11 a.m., 4 views

CVE-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...

EPSS 0.00341
Exploits: 0 | References: 1

GithubExploit
added 2025/10/30 7:21 a.m., 251 views

Exploit for CVE-2025-54957

Dolby Unified Decoder CVE-2025-54957 POC When a file is p...

CVSS 6.5 | AI score 7.2 | EPSS 0.01613
Exploits: 1