Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-39962

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission callback of ' return true', which bypasses...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References6
CVE
CVE
added 2025/11/19 5:35 p.m.32 views

CVE-2025-65099

CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...

9.8CVSS7.1AI score0.00441EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/24 8:15 p.m.8 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

9.8CVSS0.00341EPSS
Exploits0References1
OSV
OSV
added 2025/08/08 10:16 p.m.5 views

CVE-2025-8741

A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The...

5.9CVSS4.2AI score0.00339EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/26 3:49 p.m.16 views

CVE-2025-27406 Icinga Reporting Stored XSS leads to SSRF

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...

7.6CVSS0.00303EPSS
Exploits0References2
Rows per page
Query Builder