21 matches found
CVE-2025-15412 WebAssembly wabt wasm-decompile VarName out-of-bounds
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approac...
CVE-2025-15411
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...
PT-2026-1026
Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.39. Description: A memory corruption issue exists in WebAssembly wabt. The issue is related to the wabt::AST::InsertNode function within the /src/repro/wabt/bin/wasm-decompile file of the wasm-decompile...
CVE-2025-65099
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
PT-2025-47513
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.39. Description: Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability discovered by Powpy in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions <= 1.0.38...
EUVD-2025-31043
Malicious code in bioql PyPI...
CVE-2025-59828
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...
Claude Code security vulnerability
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in versions prior to Claude Code 1.0.39, which stems from the Yarn plugin auto-execution and could lead to bypassing the directory trust dialog...
PT-2025-39338
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.39. Description: Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...
CVE-2025-24655
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through <= 1.0.39...
CVE-2025-24655 WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through <= 1.0.39...
CVE-2025-24655
CVE-2025-24655 affects the WordPress Plugin Wishlist (PickPlugins Wishlist). Vulnerability: Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected versions: 1.0.0 through 1.0.39. Impact: potential for attackers to inject client-side sc...
WordPress plugin Wishlist cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin Wishlist versions <= 1.0.39...
Malicious code in yelp-logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7ff40f995641f74640b48eeefb3717de25988026d50ca8f472fe4b69d7a91ca7 The OpenSSF Package Analysis project identified 'yelp-logging' @ 1.0.39 npm as malicious. It is considered malicious because: - The package...