PT-2026-32039

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.4 Description goshs, a SimpleHTTPServer written in Go, had an authorization bypass. Prior to version 2.0.0-beta.4, the software enforced ACL/basic-auth mechanisms for directory listings and file reads, but di...

Improper Directory Validation

@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders e.g., .claude and create or modify files...

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

GHSA-66Q4-VFJG-2QHH Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

CVE-2026-25722

CVE-2026-25722 affects Claude Code prior to version 2.0.57. The root cause is improper validation of directory changes during write operations to protected folders, allowing an attacker to use the cd command to navigate to sensitive directories (e.g., .claude) and bypass write protections to crea...

CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

EUVD-2026-5636

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

PT-2026-6763

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.57 Description Claude Code, an agentic coding tool, did not properly validate directory changes when combined with write operations to protected folders. Utilizing the cd command to navigate into sensitive...

Claude Code 操作系统命令注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.57 contained a vulnerability related to operating system command injection. This vulnerability arose from an inability to properly validate directory changes in conjuncti...

PT-2026-6853

Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...

CVE-2025-15523

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

Inkscape security vulnerabilities

Inkscape is an open-source graphic editor. Versions of Inkscape prior to 1.4.3 have security vulnerabilities. This vulnerability stems from the Python interpreter bundled with Inkscape inheriting TCC permissions from the main application, which may allow local users to access files in...

EUVD-2021-30679

Malicious code in bioql PyPI...

CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

CVE-2022-45968

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...

CVE-2022-45968

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...

CVE-2021-43772

Trend Micro Security 2021 v17.0 Consumer contains a vulnerability that allows files inside the protected folder to be modified without any detection...