5344 matches found
Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
MAL-2025-5721 Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
📄 Mouselink 5.0.1 Unauthenticated Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote code execution due to improper JWT validation, enabling attackers to forge JWT tokens with a known hardcoded secret. Using the forged token, attackers can bypass authentication, connect to the WebSocket interface, and simulate keyboard input t...
CVE-2025-52882
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
📄 Mouselink 5.0.1 Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password per default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...
Curl 8.13.0 < 8.14.1 DoS (CVE-2025-5399)
The version of Curl installed on the remote host is is missing security update. It is, therefore, affected by a denial of service vulnerability. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless...
Unauthorized Access
Claude Code is vulnerable to Unauthorized Access. The vulnerability is due to improper origin validation due to the extensions accepting WebSocket connections from attacker-controlled webpages, allowing unauthorized access to IDE data and limited code execution in specific scenarios...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...
CVE-2025-52882
CVE-2025-52882 affects Claude Code extensions for VSCode (and forks) and Claude Code [Beta] for JetBrains IDEs. An attacker-controlled webpage can trigger unauthorized websocket connections, enabling reading arbitrary files, viewing open files, and extracting IDE events in read/write contexts (e....
Claude Code 安全漏洞
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...
GHSA-9F65-56V6-GXW7 Claude Code Improper Authorization via websocket connections from arbitrary origins
Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions...
Claude Code Improper Authorization via websocket connections from arbitrary origins
Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions...
Exploit for CVE-2025-1094
CVE-2025-1094 SQL Injection to RCE via WebSocket 🔥 ✔️ Descr...
📄 Mobile Mouse 3.6.0.4 Clipboard Data Exfiltration
An attacker can intercept clipboard activity from a system running Mobile Mouse version 3.6.0.4. When the user copies text, images, or takes screenshots, the data is transmitted over a WebSocket channel without encryption or authentication, allowing passive exfiltration of sensitive information...
📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution
Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...
PT-2025-26782
Name of the Vulnerable Software and Affected Versions: Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 Claude Code beta for JetBrains IDE plugins versions 0.1.1 through 0.1.8 Description: The issue allows unauthorized websocket connections from an attacker when visiting...
Robot Context Protocol (RCP): a Runtime-Agnostic Interface for Agent-Aware Robot Control
The Robot Context Protocol RCP is a lightweight, middleware-agnostic communication protocol designed to simplify the complexity of robotic systems and enable seamless interaction between robots, users, and autonomous agents. RCP provides a unified and semantically meaningful interface that...
The vulnerability in the WebSocket protocol implementation of the libsoup graphical interface library for GNOME allows a attacker to cause a service failure.
The vulnerability of the WebSocket protocol implementation in the GNOME graphical interface library libsoup is related to pointer dereferencing errors. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending a specially crafted POST request...