GHSA-Q9M2-FHV9-3JCF `potato-annotation` has a Project-Boundary Bypass

Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...

Feathers 访问控制错误漏洞

Feathers is a lightweight web framework developed by Feathers OpenSource. It is used to create APIs and real-time applications using TypeScript or JavaScript. Feathers versions 5.0.39 and earlier have a security vulnerability related to access control. This vulnerability stems from the use of the...

CVE-2026-24052

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...