Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2025-54135

Cursor Agent is vulnerable to prompt injection via MCP Special Files_CVE-2025-54135

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If t...

cursor cursor < 1.3.9 CVE
HIGH 7.5 CVE-2025-54130

Cursor Agent is vulnerable to prompt injection via Editor Special Files_CVE-2025-54130

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. ...

cursor cursor < 1.3.9 CVE
HIGH 7.5 CVE-2025-53544

Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval_CVE-2025-53544

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In vers...

TriliumNext Trilium < 0.97.0 CVE
HIGH 7.5 CVE-2025-54868

LibreChat exposes arbitrary chats through Meilisearch engine_CVE-2025-54868

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary ch...

danny-avila LibreChat >= 0.0.6, < 0.7.7 CVE
HIGH 7.2 CVE-2025-7050

Use-your-Drive | Google Drive plugin for WordPress <= 3.3.1 - Unauthenticated Stored Cross-Site Scripting via File Metadata_CVE-2025-7050

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter ...

WP Cloud Plugins/_deleeuw_ Use-your-Drive | Google Drive plugin for WordPress * CVE
HIGH 7.5 CVE-2025-6207

WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload_CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_im...

vjinfotech WP Import Export Lite * CVE
HIGH 7.5 CVE-2025-5061

WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload_CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_uploa...

vjinfotech WP Import Export Lite * CVE
HIGH 7.8 CVE-2025-41698

Draeger: ICMHelper is vulnerable to a privilege escalation due to missing authorization_CVE-2025-41698

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.

Draeger Draeger ICMHelper CVE
HIGH 8.4 CVE-2025-7032

Rockwell Automation Stack-based Buffer Overflow In Arena® Simulation_CVE-2025-7032

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end o...

Rockwell Automation Arena® Simulation 16.20.09 and prior CVE
HIGH 8.4 CVE-2025-7025

Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation_CVE-2025-7025

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end o...

Rockwell Automation Arena® Simulation 16.20.09 and prior CVE