CVE-2025-11185

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2026-20375

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...

Command Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via improper...

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

EUVD-2026-5637

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVE-2026-25723

Claude Code prior to 2.0.55 allowed command validation bypass by piping sed via echo, enabling writes to the .claude directory and paths outside the project when the attacker could run commands with the "accept edits" feature enabled. The issue has been patched in 2.0.55. Affected software: Claud...

PT-2026-6862

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

PT-2026-6764

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.55 Description Claude Code, an agentic coding tool, exhibited a flaw in command validation. Specifically, the software did not adequately validate commands utilizing piped sed operations with the echo command...

ROS-20260205-73-0035

A vulnerability in the hashaccept function of the crypto/algifhash.c component of the Linux kernel is related to memory re-release. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005060 advisory. In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CP...

ROS-20260126-73-0003

A vulnerability in the erdmaacceptnewconn function of the drivers/infiniband/hw/erdma/erdmacm.c component of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data,...

Azure Linux 3.0 Security Update: multus (CVE-2020-28852)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22088)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22088 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in...

Azure Linux 3.0 Security Update: multus (CVE-2020-28851)

The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28851 advisory. - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001218)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001218 advisory. The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or...

e1000: fix OOB in e1000_tbi_should_accept()

...