Cursor 访问控制错误漏洞

Cursor is an AI code editor from Cursor open source. An access control error vulnerability exists in Cursor version 1.7.23 and earlier, which stems from a logic error that could cause a malicious agent to read protected sensitive files...

CVE-2025-64110

CVE-2025-64110 affects Cursor: code editor for AI-assisted programming. A logic bug in versions 1.7.23 and earlier allows a malicious agent with prompt-injection access to read files protected by cursorignore, by creating a new cursorignore file that can invalidate existing configurations. The is...

phpThumb 操作系统命令注入漏洞

phpThumb is a PHP thumbnail generator by the individual developer James Heinrich. An operating system command injection vulnerability exists in phpThumb 1.7.23 and earlier versions, which stems from improper handling of parameter values and can lead to OS command injection...

CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

WordPress Multi Step Form plugin <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload vulnerability

Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by Ryan Zegar in WordPress Plugin Multi Step Form versions = 1.7.23...

Schneider Electric Easergy Builder 代码问题漏洞

Schneider Electric Easergy Builder is a set of configuration software for Easergy remote terminal units and controllers from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric Easergy Builder version 1.7.23 and earlier, which stems from the presence of an...