Windows Remote Desktop Gateway RCE (CVE-2020-0609)
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who...
MAL-2025-23790 Malicious code in jh-rce-package (npm)
The package jh-rce-package was found to contain malicious code...
CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure
Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server's implicit trust in the oauth auth redirecti...
CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called `__proto__`, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...
Linux Distros Unpatched Vulnerability : CVE-2018-12386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution...
CVE-2012-10028
CVE-2012-10028 affects Netwin SurgeFTP
CVE-2025-54130 Cursor Agent is vulnerable to prompt injection via Editor Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the...
CVE-2025-54135 Cursor Agent is vulnerable to prompt injection via MCP Special Files
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file...
CVE-2025-54135
Cursor before v1.3.9 allows prompt injection via MCP server data to auto-run and write to ~/.cursor/mcp.json, enabling RCE when processing external content. Affected: Cursor AI code editor (Cursor) in-workspace file writes without user approval; dotfiles require approval but new dotfiles do n...
Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE
Overview: Partner Software and Partner Web, both products of their namesake company, Partner Software, fail to sanitize report or note files, allowing for XSS attacks. Partner Software is a subdivision of N. Harris Computer Corporation and is a field application development company, with products...
CVE-2025-49832
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in asterisk/res/res_stir_shaken/verification.c that can be...
CVE-2025-49832
CVE-2025-49832 affects Asterisk (open source PBX/telephony toolkit). The vulnerability lies in the file asterisk/res/res_stir_shaken/verification.c, enabling remote DoS and possible RCE under two conditions: (1) an attacker can set an arbitrary Identity header, or (2) STIR/SHAKEN is enabled with ...
GHSA-7C78-RM87-5673 MS SWIFT WEB-UI RCE Vulnerability
I. Detailed Description: This includes scenarios, screenshots, and vulnerability reproduction methods. For account-related vulnerabilities, please provide test accounts. If the reproduction process is complex, you may record a video, upload it to Taopan, and attach the link. 1. Install ms-swift pip...
PT-2025-31568
Name of the Vulnerable Software and Affected Versions: Asterisk versions 18.26.2 and earlier; Asterisk versions 20.00.0 through 20.15.0; Asterisk version 20.7-cert6; Asterisk version 21.00.0; Asterisk versions 22.00.0 through 22.5.0. Description: Asterisk is an open source private branch exchange and...
RockyLinux 9 : gimp (RLSA-2025:7417)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7417 advisory: gimp: dds buffer overflow RCE (CVE-2023-44441); gimp: PSD buffer overflow RCE (CVE-2023-44442); gimp: psp integer overflow RCE (CVE-2023-44443); gimp: psp...
RockyLinux 8 : tomcat (RLSA-2025:11333)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11333 advisory: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...
tomcat security update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...