27 matches found
CVE-2025-36730 Windsurf Prompt Injection via Filename
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
CVE-2025-36730 Windsurf Prompt Injection via Filename
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
CVE-2025-36730
Windsurf/Windsurft CVE-2025-36730 is a prompt-injection vulnerability affecting Windsurf/Windsurft version 1.10.7 when operating in Write mode with the SWE-1 model. The issue arises from a crafted file name that becomes appended to the user prompt, causing Windsurf to follow its instructions. Doc...
EUVD-2025-34255
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
Windsurf 安全漏洞
Windsurf is an AI programming software from Windsurf. A security vulnerability exists in Windsurf version 1.10.7, which stems from the possibility of creating filenames appended to user prompts when using the SWE-1 model in Write mode, causing Windsurf to execute its commands...
PT-2025-41975
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
windsurf-silbersee.de Cross Site Scripting vulnerability OBB-3278968
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...