Lucene search
K

24 matches found

Cvelist
Cvelist
added 2026/05/18 6:57 p.m.35 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4CVSS0.00227EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.5 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

9.8CVSS6AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 2:16 p.m.4 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

9.8CVSS0.00512EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 12:0 a.m.10 views

CVE-2026-30310

Technical details not publicly available in the provided documents. Monitor for updates.

9.8CVSS6AI score0.00512EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.3 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6AI score0.00512EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.22 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

0.00512EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 9:17 p.m.4 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

9.8CVSS0.00678EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

6AI score0.00512EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.18 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

0.00512EPSS
Exploits0References2
CVE
CVE
added 2026/03/30 12:0 a.m.8 views

CVE-2026-30308

CVE-2026-30308 affects HAI Build Code Generator's automatic terminal command execution feature. The tool offers two options: Execute safe commands or Execute all commands. The root cause is prompt-injection-based bypass: an attacker can wrap a malicious command in a generic template and mislead t...

9.8CVSS6AI score0.00512EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.20 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

0.00678EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.7 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6AI score0.00678EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.6 views

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

9.6CVSS6.1AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 3:16 p.m.4 views

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

9.6CVSS0.00435EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.2 views

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6.1AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.5 views

PT-2026-7176

Name of the Vulnerable Software and Affected Versions ZAI Shell versions prior to 9.0.3 Description ZAI Shell, an autonomous SysOps agent, has an issue in its P2P terminal sharing feature share start. Before version 9.0.3, this feature opens a TCP socket on port 5757 without authentication. A...

8.8CVSS5.9AI score0.0064EPSS
Exploits2References9
Hacker One
Hacker One
added 2026/01/12 2:25 a.m.8 views

MetaMask: Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing

A critical security vulnerability was discovered in the Starknet Snap by Consensys. The vulnerability allowed malicious websites to bypass user authorization when signing messages or transactions. The vulnerability existed in the enableAuthorize parameter, which could be controlled by any website...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/08/05 12:7 a.m.3 views

CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...

8.7CVSS6.5AI score0.0097EPSS
Exploits0References1
OSV
OSV
added 2025/08/04 3:18 p.m.3 views

GHSA-X56V-X2H6-7J34 Claude Code echo command allowed bypass of user approval prompt for command execution

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update...

8.7CVSS6.6AI score0.0097EPSS
Exploits0References3
Rows per page
Query Builder