Anthropic Claude Code < 2.1.7 Permission Deny Bypass Through Symbolic Links (CVE-2026-25724)
The version of Anthropic Claude Code installed on the remote host is prior to 2.1.7. It is, therefore, affected by a permission bypass vulnerability. Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly...
PT-2026-6765
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.1.7. Description: Claude Code, an agentic coding tool, did not properly enforce deny rules defined in the settings.json file when handling symbolic links. Specifically, if access to a file like /etc/passwd was...
CVE-2025-62522
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended...
PT-2025-42804
Name of the Vulnerable Software and Affected Versions: Vite versions 2.9.18 through 3.0.0; Vite versions 3.2.9 through 4.0.0; Vite versions 4.5.3 through 5.0.0; Vite versions 5.2.6 through 5.4.21; Vite versions 6.0.0 through 6.4.1; Vite versions 7.0.0 through 7.0.8; Vite versions 7.1.0 through 7.1.11...
GLPI Information Disclosure Vulnerability
GLPI is an open source IT and asset management software. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridges and ink cartridges. An...