VYPR
Vendor

ToDesktop

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2025-27554CriMar 1, 2025
    risk 0.64cvss 9.9epss 0.01

    ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a…

  • CVE-2025-67229Jan 23, 2026
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

  • CVE-2025-67230Jan 23, 2026
    risk 0.00cvss epss 0.00

    Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.