Lucene search
+L

484 matches found

cvelist
cvelist
added 2026/06/23 5:6 p.m.37 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS0.00403EPSS
Exploits0References1
osv
osv
added 2026/06/23 5:6 p.m.4 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS6AI score0.00403EPSS
Exploits0References3
cve
cve
added 2026/06/23 5:6 p.m.58 views

CVE-2026-54316

CVE-2026-54316 (Claude Code) affects Claude Code versions 0.2.54–2.1.162, fixed in 2.1.163. The WebFetch tool allowed any path on the pre-approved domain huggingface.co, enabling an attacker-controlled repository path to be fetched without prompts or --allowedTools restrictions. If an attacker ca...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2026/06/18 6:35 p.m.10 views

Unsafe Dependency Resolution

Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2026/06/18 6:35 p.m.8 views

Unsafe Dependency Resolution

Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
snyk
snyk
added 2026/06/17 6:6 p.m.7 views

Covert Storage Channel

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References3
github
github
added 2026/06/17 6:6 p.m.13 views

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrust...

9.1CVSS5.5AI score0.00403EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
hackread
hackread
added 2026/06/11 1:20 p.m.26 views

Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...

5.4AI score
Exploits0
ossf
ossf
added 2026/06/11 7:16 a.m.16 views

Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

5.5AI score
Exploits0References1
osv
osv
added 2026/06/11 7:16 a.m.11 views

MAL-2026-5592 Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

5.5AI score
Exploits0References1
ossf
ossf
added 2026/06/11 7:16 a.m.14 views

Malicious code in 0x2ai-demo7x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...

5.5AI score
Exploits0References1
osv
osv
added 2026/06/11 7:16 a.m.20 views

MAL-2026-5599 Malicious code in 0x2ai-ivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e78c039ee7ad67b1a20ef30b37ce03178f6c2181b1e330db69e04dabd0a28686 On install, the postinstall script copies the package's payload/ tree CLAUDE.md,.claude/settings.json,.mcp.json, and several.cjs MCP scripts into the...

5.5AI score
Exploits0References1
ossf
ossf
added 2026/06/11 7:16 a.m.15 views

Malicious code in 0x2ai-demo1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, cwd, recursive: true with cwd=process.env.INITCWD || process.cwd — recursively writing...

5.5AI score
Exploits0References3
ossf
ossf
added 2026/06/11 7:16 a.m.14 views

Malicious code in 0x2ai-demo9x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...

5.4AI score
Exploits0References1
osv
osv
added 2026/06/10 7:33 p.m.29 views

GHSA-8Q5R-MMJF-575Q Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

5.3CVSS6.3AI score0.00069EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.20 views

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

5.3CVSS6.3AI score0.00069EPSS
Exploits0References8
githubexploit
githubexploit
added 2026/06/06 4:13 p.m.99 views

offensive-claude-533

Offensive Security Research Config for Claude Code !TIP...

6.1AI score
Exploits0
githubexploit
githubexploit
added 2026/06/06 3:58 p.m.101 views

offensive-claude-604

Offensive Security Research Config for Claude Code !TIP...

6.1AI score
Exploits0
githubexploit
githubexploit
added 2026/06/06 2:52 p.m.89 views

offensive-claude-813

Offensive Security Research Config for Claude Code !TIP...

6.1AI score
Exploits0
Rows per page
Query Builder