2463 matches found
CVE-2025-59950
FreshRSS
CVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...
CVE-2025-59828
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...
CVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...
PT-2025-39391
Name of the Vulnerable Software and Affected Versions iMonitor EAM version 9.6394 Description The software ships with default administrative credentials that are displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can...
GHSA-2JJV-QF24-VFM4 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
Claude Code 安全漏洞
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in versions prior to Claude Code 1.0.39, which stems from the Yarn plugin auto-execution and could lead to bypassing the directory trust dialog...
VulnCheck KEV: CVE-2018-17254
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...
GHSA-J4H9-WV2M-WRF7 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config e.g., via a malicious .git/config and set user.email to a crafted payload, the unescaped interpolation could...
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
CVE-2025-59041
CVE-2025-59041 affects Claude Code, an agentic coding tool. At startup, Claude Code constructed a shell command interpolating the value of git config user.email, enabling arbitrary code execution if the configuration is maliciously crafted before the workspace trust dialog is accepted. The issue ...
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
PT-2025-37056
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105 Description: Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git...
CVE-2025-32350
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32350
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32350
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32350
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32350
The CVE-2025-32350 issue affects Google Android Framework: in maybeShowDialog of ControlsSettingsDialogManager.kt there can be an overlay/tapjacking that causes a ControlsSettingsDialog to overlap, enabling local elevation of privilege without extra user interaction. The Android Security Bulletin...
CVE-2025-32350
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...