Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46580

Summary
Assigner-eclipse
Assigner Org ID-e51fbebd-6053-4e49-959f-1b94eeb69a2c
Published At-18 Jun, 2026 | 14:26
Updated At-19 Jun, 2026 | 03:55
Rejected At-
Credits

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:eclipse
Assigner Org ID:e51fbebd-6053-4e49-959f-1b94eeb69a2c
Published At:18 Jun, 2026 | 14:26
Updated At:19 Jun, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Affected Products
Vendor
Eclipse Foundation AISBLEclipse Foundation
Product
Eclipse Theia
Repo
https://github.com/eclipse-theia/theia
Default Status
unaffected
Versions
Affected
  • From 0 before 1.71.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-829CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWECWE-1427CWE-1427: Improper Neutralization of Input Used for LLM Prompting
Type: CWE
CWE ID: CWE-829
Description: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-1427
Description: CWE-1427: Improper Neutralization of Input Used for LLM Prompting
Metrics
VersionBase scoreBase severityVector
4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Piotr Ryciak (https://gitlab.eclipse.org/void01)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114
N/A
Hyperlink: https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:emo@eclipse.org
Published At:18 Jun, 2026 | 16:16
Updated At:22 Jun, 2026 | 19:45

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Eclipse Foundation AISBL
eclipse
>>theia>>Versions before 1.71.0(exclusive)
cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-829Secondaryemo@eclipse.org
CWE ID: CWE-829
Type: Secondary
Source: emo@eclipse.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114emo@eclipse.org
Vendor Advisory
Patch
Hyperlink: https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114
Source: emo@eclipse.org
Resource:
Vendor Advisory
Patch

Change History

0
Information is not available yet

Similar CVEs

35Records found

CVE-2026-44688
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:22
Updated-22 Jun, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-1427
Improper Neutralization of Input Used for LLM Prompting
CVE-2026-44691
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.23% / 13.88%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:35
Updated-22 Jun, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-17633
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 17:05
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-cheEclipse Che
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-10054
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-03 Jul, 2026 | 10:11
Updated-03 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit. As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication. A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse Theia
CWE ID-CWE-1385
Missing Origin Validation in WebSockets
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-35217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.44%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 12:28
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.

Action-Not Available
Vendor-n/aEclipse Foundation AISBL
Product-vert.x-webn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34435
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.12%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 17:20
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CWE ID-CWE-346
Origin Validation Error
CVE-2023-4759
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.96%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:12
Updated-07 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationEclipse Foundation AISBL
Product-jgitwindowsmacosEclipse JGitjgit
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2021-41037
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-10||CRITICAL
EPSS-0.73% / 49.70%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 03:50
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in term of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it's possible to install a unit that will run malicious code during installation without user receiving any warning about this installation step being risky when coming from untrusted source.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-equinox_p2Eclipse Equinox p2equinox_p2
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-22551
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.87%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:32
Updated-22 Jun, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-1699
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.34%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 09:57
Updated-10 Mar, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theia_websiteEclipse Theia - Website
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-11770
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-1.26% / 66.00%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 13:53
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-buildshipEclipse Buildship
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2019-10249
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.42%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 16:12
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-xtendxtextEclipse Xtext
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-10240
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.91%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 18:04
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-hawkbitEclipse hawkBit
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-10248
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.82%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-vortoEclipse Vorto
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2021-28162
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-6.1||MEDIUM
EPSS-0.78% / 51.31%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:40
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-830
Inclusion of Web Functionality from an Untrusted Source
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-8426
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-7.5||HIGH
EPSS-0.17% / 6.73%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:22
Updated-26 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Concrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwrite

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade() method to execute in a single browser navigation. This results in remote code execution as the web server user.   In order to be vulnerable, the victim must be passing canInstallPackages, victim site must be connected to the Concrete marketplace; and the attacker controls the package returned for a marketplace item ID already installed on the victim site. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-55698
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 9.19%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:43
Updated-30 Jun, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. A malicious repository could therefore commit package-manager lockfile package records and snapshots that bypassed fresh package-manager resolution, then cause pnpm to install and execute bytes selected by that committed lockfile state during automatic version switching. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-53810
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 20:07
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-8428
Matching Score-4
Assigner-Concrete CMS
ShareView Details
Matching Score-4
Assigner-Concrete CMS
CVSS Score-7.5||HIGH
EPSS-0.13% / 3.09%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 20:24
Updated-26 May, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below

Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update'). The form is rendered as a POST form, meaning the token reaches the browser, but because the controller discards it without verification, an attacker can craft a cross-site POST that triggers a core CMS update to an attacker-specified version string.  In order to be vulnerable, theictim must be passing canUpgrade()anda valid update version must be present under DIR_CORE_UPDATES. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting.

Action-Not Available
Vendor-concretecmsConcrete CMS
Product-concrete_cmsConcrete CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-46529
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.79%
||
7 Day CHG-0.03%
Published-10 Jun, 2026 | 19:46
Updated-30 Jun, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside a malicious PDF document. The PDF can be packaged as a polyglot file that is simultaneously a valid PDF and a valid ELF shared library, making the attack a single-file, single-click, configuration-independent RCE on stock atril installations. The root cause is `shell/ev-application.c:ev_spawn`, which builds a command line from attacker-controlled PDF link-destination fields without applying `g_shell_quote`. The cmdline is then handed to `g_app_info_create_from_commandline`, which shell-parses it back into argv — splitting any embedded `--gtk-module=PATH` into a separate argv element. GTK then `dlopen()`s the path during init, running any `__attribute__((constructor))` it finds. Versions 1.26.3 and 1.28.4 contain a patch for the issue. This is the same defect class as CVE-2023-51698 (CBT `--checkpoint-action` injection in `comics-document.c`, fixed in 1.6.2) but in a different code path (`shell/ev-application.c`) that the original patch did not touch.

Action-Not Available
Vendor-mate-desktopRed Hat, Inc.
Product-atrilRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-6859
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.42% / 33.53%
||
7 Day CHG+0.06%
Published-22 Apr, 2026 | 13:04
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

Action-Not Available
Vendor-Red Hat, Inc.
Product-instructlabenterprise_linux_aiRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-36727
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.3||HIGH
EPSS-0.42% / 34.02%
||
7 Day CHG~0.00%
Published-25 Jul, 2025 | 16:37
Updated-26 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleHelp Inclusion of functionality from untrusted control sphere

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.

Action-Not Available
Vendor-simple-helpSimplehelp
Product-simplehelpSimplehelp
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-43569
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.38% / 30.06%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-07 May, 2026 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-4255
Matching Score-4
Assigner-1c6b5737-9389-4011-8117-89fa251edfb2
ShareView Details
Matching Score-4
Assigner-1c6b5737-9389-4011-8117-89fa251edfb2
CVSS Score-8.4||HIGH
EPSS-0.19% / 8.90%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 07:14
Updated-08 Jun, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Injection Privilege Escalation

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.\n\n\n\nBecause these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.\n\n\n\nThe application does not enforce restrictions on DLL loading locations and does not verify the integrity or digital signature of loaded libraries. As a result, attacker-controlled code may be executed within the security context of the application, allowing arbitrary code execution with elevated privileges.\n\n\n\nSuccessful exploitation requires that an attacker place a crafted malicious DLL in a user-writable directory that is included in the application's DLL search path and then cause the affected application to be executed. Once loaded, the malicious DLL runs with the same privileges as the application.\n\n\n\nThis issue affects \nTR-VISION HOME  versions up to and including 2.0.5.

Action-Not Available
Vendor-thermalrightthermalright
Product-tr-vision_homeTR-VISION HOME
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-27607
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-1.45% / 70.18%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 16:18
Updated-01 Jul, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

Action-Not Available
Vendor-nhairsnhairs
Product-python_json_loggerpython-json-logger
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-20236
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.55%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 16:16
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_teamsCisco Webex Teams
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-32920
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.33% / 24.93%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 11:17
Updated-23 Jun, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins

OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-55697
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 2.69%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:42
Updated-30 Jun, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: Repository-controlled configDependencies can select a pacquet native install engine

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-55487
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 1.98%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:41
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalized to the same value. This vulnerability is fixed in 10.34.2 and 11.5.3.

Action-Not Available
Vendor-pnpmpnpm
Product-pnpmpnpm
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-4229
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5||MEDIUM
EPSS-1.31% / 67.21%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 15:30
Updated-15 Apr, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ua-parser-js Crypto Mining backdoor

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-ua-parser-js_projectunspecified
Product-ua-parser-jsua-parser-js
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-11591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 60.34%
||
7 Day CHG~0.00%
Published-29 Apr, 2019 | 13:46
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

Action-Not Available
Vendor-web-doradon/a
Product-contact_formn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-8714
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.98%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 13:00
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

Action-Not Available
Vendor-n/a
Product-PostgreSQL
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-34468
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.94% / 56.48%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdfirefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-30507
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.17% / 63.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 17:15
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromeandroidfedoraChrome
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-61592
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.42% / 33.88%
||
7 Day CHG+0.01%
Published-03 Oct, 2025 | 17:23
Updated-09 Oct, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version.

Action-Not Available
Vendor-anyspherecursor
Product-cursorcursor
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
Details not found