Lucene search
+L

793 matches found

Snyk
Snyk
added 2026/06/05 5:8 p.m.5 views

Use of Weak Hash

Overview claude-mem is a Memory compression system for Claude Code - persist context across sessions Affected versions of this package are vulnerable to Use of Weak Hash via the computeObservationContentHash function in src/services/sqlite/observations/store.ts. An attacker can cause two differen...

3.6CVSS6AI score0.00075EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 2:16 p.m.13 views

CVE-2026-11330

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS0.00075EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:45 p.m.6 views

CVE-2026-11330

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/05 12:45 p.m.11 views

EUVD-2026-34828

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.25 views

PT-2026-46947

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Claude-Mem 安全漏洞

Claude-Mem is an AI development assistant developed by Alex Newman. Versions of Claude-Mem prior to 11.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the computeObservationContentHash function of the Observation Content Hash Handler...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2026/06/04 3:15 p.m.21 views

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/02 10:1 p.m.19 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/06/02 11:58 a.m.32 views

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/06/01 9:4 a.m.10 views

Malicious Package

Overview @tmecontinue/claude is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
HackRead
HackRead
added 2026/05/30 5:13 p.m.16 views

Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/29 8:48 a.m.13 views

BIT-MLFLOW-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.6AI score0.00371EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/05/28 1:33 p.m.20 views

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...

9.8CVSS6.5AI score0.01456EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/05/27 11:40 p.m.133 views

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

6AI score
Exploits0
NVD
NVD
added 2026/05/27 9:16 p.m.14 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS0.00188EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/27 8:48 p.m.11 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/27 8:48 p.m.15 views

EUVD-2026-32664

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/27 8:48 p.m.51 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS0.00188EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:48 p.m.12 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder