453 matches found
Claude Code echo command allowed bypass of user approval prompt for command execution
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-54795 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.128)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-54795 Source advisory: OSV:GHSA-X56V-X2H6-7J34...
GHSA-X56V-X2H6-7J34 Claude Code echo command allowed bypass of user approval prompt for command execution
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update...
PT-2025-31834
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 0.2.111 Description Claude Code is an agentic coding tool affected by a path validation issue. This flaw uses prefix matching instead of canonical path comparison, allowing bypass of directory restrictions and...
CVE-2025-52882
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882
CVE-2025-52882 affects Claude Code extensions for VSCode (and forks) and Claude Code [Beta] for JetBrains IDEs. An attacker-controlled webpage can trigger unauthorized websocket connections, enabling reading arbitrary files, viewing open files, and extracting IDE events in read/write contexts (e....
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
Claude Code 安全漏洞
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-52882 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.128)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-52882 Source advisory: OSV:GHSA-9F65-56V6-GXW7...
Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates
Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates Spring AI 1.0.0-SNAPSHOT introduces several important changes to artifact IDs, dependency management, and autoconfiguration. This blog post outlines these changes and provides guidance on how to update your projects. The most significa...