| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version. |
| The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). |
| yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the mitigation for CVE-2024-22423 where the default placeholder and {} were not covered by the new escaping rules. Windows users who are unable to upgrade should avoid using --exec altogether. Instead, the --write-info-json or --dump-json options could be used, with an external script or command line consuming the JSON output. This is fixed in version 2025.07.21. |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Windows User Interface Application Core Remote Code Execution Vulnerability |
| Windows Compressed Folder Remote Code Execution Vulnerability |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| Microsoft Remote Registry Service Remote Code Execution Vulnerability |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Azure DevOps Server Remote Code Execution Vulnerability |
| Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability |
| Microsoft Remote Registry Service Remote Code Execution Vulnerability |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
