14 matches found
CVE-2025-61590
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...
CVE-2025-61590 Cursor is vulnerable to RCE via .code-workspace files using Prompt Injection
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...
EUVD-2025-32314
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings pretty similar to .vscode/settings.json for...
PT-2025-40535
Name of the Vulnerable Software and Affected Versions: Cursor versions 1.6 and below. Description: Cursor, a code editor for programming with AI, is susceptible to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to save specific settings for folders or...
CVE-2021-25364
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...
MAL-2025-4031 Malicious code in untitled_flourish_template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca89dddd0c14d44ef018267a857a52c3061439e46d4efb3fe64bd4173005dc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
untitled-agency.it Cross Site Scripting vulnerability OBB-3914743
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CISA Develops Factsheet for Free Tools for Cloud Environments
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network...
GHSA-HQ8G-QQ57-5275 SQL Injection in untitled-model
All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...
untitled-js (>=1.0.0 <=1.0.9) potentially affected by unknown CVE via untitled-model (=1.0.5)
untitled-model NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on untitled-model and may be impacted: - untitled-js =1.0.0, =1.0.9 Source cves: unknown CVE Source advisory: OSV:GHSA-HQ8G-QQ57-5275...
SQL Injection in untitled-model
All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...
SQL Injection
untitled-model is vulnerable to SQL injection. The attack exists because it does not sanitize the input provided by the user, allowing an attacker to inject and execute arbitrary SQL queries...
Node.js third-party modules: [untitled-model] sql injection
I would like to report VULNERABILITY in MODULE It allows DESCRIBE THE IMPACT OF THE VULNERABILITY - E.G READ ARBITRARY FILES, READ DATA FROM DATABASE ETC Module module name: untitled-model version: 1.0.5 npm page: https://www.npmjs.com/package/untitled-model Module Description Rapid sql query...
Cross-Site Request Forgery (CSRF)
Jupyter notebook is vulnerable to cross-site request forgery (CSRF) attacks. It does not properly check the CSRF token and set authorization header. Attackers could create untitled files and start kernels (no remote execution or modification of existing files) for users of certain browsers Firefox,...