EUVD-2026-30801

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

Claude HUD 安全漏洞

Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of raw cwd and branchUrl values to construct OSC 8 terminal...

SUSE-SU-2026:21542-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources bsc1255768. - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definiti...

Low: composer

Issue Overview: Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangle...

Fedora 42 : composer (2026-13b4dbe546)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-13b4dbe546 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSERNOSECURITYBLOCKING env var not being...

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

UBUNTU-CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVE-2025-67746 Composer vulnerable to ANSI sequence injection

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVE-2025-20384

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...