CVE-2025-61590
- EPSS 0.1%
- Published 03.10.2025 16:27:34
- Last modified 17.10.2025 17:24:46
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific sett...
CVE-2025-61589
- EPSS 0.04%
- Published 03.10.2025 06:48:30
- Last modified 20.10.2025 18:41:07
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information t...
CVE-2025-54130
- EPSS 0.06%
- Published 05.08.2025 00:12:28
- Last modified 25.08.2025 01:38:42
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensit...
CVE-2025-54135
- EPSS 0.09%
- Published 05.08.2025 00:11:07
- Last modified 25.08.2025 01:36:47
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive ...
CVE-2025-54131
- EPSS 0.04%
- Published 01.08.2025 23:15:24
- Last modified 25.08.2025 01:53:54
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every t...
CVE-2025-54132
- EPSS 0.05%
- Published 01.08.2025 23:15:24
- Last modified 25.08.2025 01:48:43
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive infor...
CVE-2025-54136
- EPSS 0.13%
- Published 01.08.2025 23:08:21
- Last modified 25.08.2025 01:41:36
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the fil...
CVE-2025-54133
- EPSS 0.04%
- Published 01.08.2025 23:07:00
- Last modified 25.08.2025 01:46:04
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system ...