3 matches found
CVE-2025-64109
Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...
CVE-2025-6514 OS command injection in mcp-remote when connecting to untrusted MCP servers
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorizationendpoint response URL...
CVE-2025-6514 OS command injection in mcp-remote when connecting to untrusted MCP servers
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorizationendpoint response URL...