49 matches found
claude-code-f002-poc
F002: Supply Chain Attack via Non-Interactive Workspace Trust...
CVE-2026-44479
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
CVE-2026-44479 Vercel: Non-interactive mode includes CLI arguments in suggested command output
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
CVE-2026-44479
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
CVE-2026-44479
CVE-2026-44479 affects Vercel’s AI Cloud CLI between versions 50.16.0 and 52.0.0. In non-interactive mode, commands that cannot complete autonomously emit JSON payloads with follow-up commands, and if a token is supplied on the CLI (via --token/-t), the token value is included verbatim in those s...
CVE-2026-44479 Vercel: Non-interactive mode includes CLI arguments in suggested command output
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
vercel 信息泄露漏洞
Vercel is an open-source cloud platform for application development and deployment. Versions of Vercel from 50.16.0 to 52.0.0 have a vulnerability related to information leakage. This vulnerability arises when commands that cannot be executed autonomously are run in non-interactive mode. If...
GHSA-PGF8-2HGJ-GRQG Vercel: Non-interactive mode includes CLI arguments in suggested command output
Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...
Vercel: Non-interactive mode includes CLI arguments in suggested command output
Summary When the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the user authenticated via --token or -t on the command line, the token value is included...
Insertion of Sensitive Information into Log File
Overview vercel is a The command-line interface for Vercel Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the suggested follow-up commands in --non-interactive mode or auto-detected AI agent when a command cannot complete autonomously. An...
NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output
NPM: Vercel: Non-interactive mode includes CLI arguments in suggested command output vulnerability discovered by ? in WordPress Npm vercel versions = 50.16.0, = 52.0.0...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
CVE-2024-30088 – WinRM Adapted PoC 📌 Summary This is a mo...
Ja4Scanner
Ja4Scanner — Bug Bounty Hunter's Toolkit A Python CLI tool fo...
CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
PT-2026-7900
Name of the Vulnerable Software and Affected Versions Inspektor Gadget affected versions not specified Description Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 PoC Usage bash Interacti...
Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
Exploit for CVE-2024-25600
CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...
Exploit for CVE-2024-25600
CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...