Lucene search
K

785 matches found

vulnersOsv
vulnersOsv
added 2025/10/03 2:17 p.m.7 views

@circleci/agents (>=2.13.0-canary.3413b9c <=2.13.2-canary.8150572), @zed-industries/claude-code-acp (>=0.4.2 <=0.4.3) +1 more potentially affected by CVE-2025-59829 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.119)

@anthropic-ai/claude-code NPM version =1.0.108, =2.13.0-canary.3413b9c, =0.4.2, =0.1.51, =0.1.56 Source cves: CVE-2025-59829 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13299550...

6.5CVSS5.8AI score0.00396EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/10/03 2:17 p.m.11 views

Claude Code permission deny bypass through symlink

Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update wil...

6.5CVSS6.9AI score0.00396EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/03 2:16 p.m.2 views

GHSA-4FGQ-FPQ9-MR3G Claude Code can execute commands prior to the startup trust dialog

Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...

8.7CVSS7.4AI score0.30227EPSS
Exploits6References3
vulnersOsv
vulnersOsv
added 2025/10/03 2:16 p.m.7 views

@4via6/relay (>=1.0.0 <=1.1.3), @axonpush/wizard (>=0.0.1 <=0.0.4) +12 more potentially affected by CVE-2025-59536 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.108)

@anthropic-ai/claude-code NPM version =0.2.126, =1.0.0, =0.0.1, =0.0.55, =1.0.0, =0.0.1, =0.0.1, =1.8.0, =0.1.51, =1.4.0, =0.0.1, =0.0.1, =0.0.5 Source cves: CVE-2025-59536 Source advisory: OSV:GHSA-4FGQ-FPQ9-MR3G...

8.8CVSS6AI score0.30227EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2025/10/03 2:16 p.m.10 views

@circleci/agents (=2.13.2-canary.8150572), claude-code-webui (>=0.1.51 <=0.1.56) potentially affected by CVE-2025-59536 via @anthropic-ai/claude-code (=1.0.108)

@anthropic-ai/claude-code NPM version =1.0.108 is affected by a known vulnerability. The following packages have a transitive dependency on @anthropic-ai/claude-code and may be impacted: - @circleci/agents =2.13.2-canary.8150572 - claude-code-webui =0.1.51, =0.1.56 Source cves: CVE-2025-59536...

8.8CVSS6AI score0.30227EPSS
Exploits6
Snyk
Snyk
added 2025/10/03 2:16 p.m.2 views

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

8.8CVSS7.7AI score0.30227EPSS
Exploits6References2
OSV
OSV
added 2025/10/03 6:34 a.m.4 views

CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

8.7CVSS7.6AI score0.30227EPSS
Exploits6References3
CVE
CVE
added 2025/10/03 6:34 a.m.35 views

CVE-2025-59536

Claude Code (Anthropic) versions before 1.0.111 are vulnerable to code injection due to a flaw in the startup trust dialog. An attacker could trick a user into starting Claude Code in an untrusted project directory, causing code from that project to execute before the user accepts the startup tru...

8.8CVSS7.2AI score0.30227EPSS
Exploits6References1Affected Software1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.6 views

Claude Code 代码注入漏洞

Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.111, which stems from a flaw in the implementation of the startup trust dialog box that could lead to a code injection attack...

8.8CVSS7.1AI score0.30227EPSS
Exploits6References1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.6 views

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code versions prior to 1.0.120 that stems from a failure to consider symbolic links when checking permission denial rules, which could lead to bypassing file access restrictions...

6.5CVSS6.4AI score0.00396EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/10/03 12:0 a.m.11 views

External Data Extraction Attacks against Retrieval-Augmented Large Language Models

In recent years, RAG has emerged as a key paradigm for enhancing large language models LLMs. By integrating externally retrieved information, RAG alleviates issues like outdated knowledge and, crucially, insufficient domain expertise. While effective, RAG introduces new risks of external data...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.6 views

PT-2025-40539

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...

2.3CVSS6.6AI score0.00396EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2025/10/02 11:30 a.m.19 views

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome's settings t...

10CVSS9.9AI score0.99999EPSS
Exploits61
RedhatCVE
RedhatCVE
added 2025/09/25 7:47 p.m.4 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

7.7CVSS6.9AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2025/09/24 8:15 p.m.9 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

9.8CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/24 7:30 p.m.3 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

7.7CVSS6.5AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2025/09/24 7:30 p.m.5 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

7.7CVSS6.9AI score0.00341EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/24 7:30 p.m.13 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

7.7CVSS0.00341EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.9 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +210 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-59828 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13109605...

9.8CVSS5.7AI score0.00341EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.14 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +222 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-59828 Source advisory: OSV:GHSA-2JJV-QF24-VFM4...

9.8CVSS5.7AI score0.00341EPSS
Exploits0
Rows per page
Query Builder