6 matches found

Cvelist
added 2026/04/21 12:56 a.m. · 25 views

CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

CVSS 7.7 · EPSS 0.00168
Exploits: 0 · References: 1

CNNVD
added 2026/04/21 12:0 a.m. · 5 views

Claude Code Path Traversal Vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Claude Code has a path traversal vulnerability, which stems from the lack of restrictions on creating symbolic links that point outside the workspace by the sandbox processes...

CVSS 10 · AI score 5.8 · EPSS 0.00168
Exploits: 0 · References: 1

Vulnrichment
added 2026/04/07 4:47 p.m. · 0 views

CVE-2026-39305 Arbitrary File Write / Path Traversal in Action Orchestrator

PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the...

CVSS 9 · AI score 6.1 · EPSS 0.00076
Exploits: 1 · References: 1

ATTACKERKB
added 2026/03/11 1:32 p.m. · 3 views

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...

CVSS 8.8 · AI score 5.9 · EPSS 0.00636
Exploits: 0 · References: 4

Cvelist
added 2026/02/04 7:31 p.m. · 22 views

CVE-2026-24843 melange QEMU runner could write files outside workspace directory

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

CVSS 8.2 · EPSS 0.00007
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15453 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor versions 0.45.0 through 0.48.6
Description: The issue affects the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted to automatically write to files outside o...

CVSS 8 · AI score 6.4 · EPSS 0.00258
Exploits: 0 · References: 5