10 matches found
PT-2026-50805
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description The software caches tool approval decisions based solely on the tool name rather than the invocation arguments. This allows subsequent calls to the execute command function to bypass approval...
CVE-2026-24887
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...
Claude Code 代码注入漏洞
Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.72 contained a code injection vulnerability. This vulnerability stemmed from command parsing errors, which could allow bypassing confirmation prompts and executing...
Improper Input Validation
@anthropic-ai/claude-code is vulnerable to improper input validation. The vulnerability is due to an overly broad allowlist of safe commands, which allows an attacker to bypass confirmation prompts, read file contents, and exfiltrate them over the network without user confirmation...
SUSE CVE-2022-29909
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
Mozilla Thunderbird 安全漏洞
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird. An attacker could u...
Mozilla: Bypassing permission prompt in nested browsing contexts
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...
Mozilla Firefox 权限许可和访问控制问题漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a Permission Granting and Access Control Issue vulnerability that stems from improper management of permissions in the application. An attacker could exploit the...
Mozilla Firefox 权限许可和访问控制问题漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...
UBUNTU-CVE-2018-5105
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox 58...