Lucene search
K

12 matches found

OSV
OSV
added 2026/03/29 3:50 p.m.2 views

GHSA-4HMJ-39M8-JWC7 OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.27 views

OpenClaw has ACP CLI approval prompt ANSI escape sequence injection

Summary ACP CLI approval prompt ANSI escape sequence injection Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.2.13, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details ACP tool titles could previously...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/03 7:16 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through a mismatch in wrapper-depth parsing in system.run. An attacker can bypass approval gating by crafting nested transparent dispatch wrappers, allowing...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 8:50 p.m.2 views

CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS5.7AI score0.00562EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/03 8:50 p.m.25 views

CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS0.00562EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/03 7:33 p.m.3 views

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

8.8CVSS6AI score0.00562EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/09/10 5:10 p.m.14 views

Claude Code rg vulnerability does not protect against approval prompt bypass

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...

9.8CVSS7.1AI score0.00512EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/10 5:10 p.m.7 views

GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...

8.7CVSS7.3AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2025/09/10 3:6 p.m.7 views

CVE-2025-58764 Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution

Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...

8.7CVSS7.3AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2025/08/05 12:7 a.m.7 views

CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...

8.7CVSS7.1AI score0.0097EPSS
Exploits0References3
NVD
NVD
added 2025/03/21 9:15 a.m.24 views

CVE-2025-27715

Mattermost versions 9.11.x = 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them...

3.3CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2024/02/26 4:28 p.m.4 views

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

5.9CVSS5.7AI score
Exploits0References3
Rows per page
Query Builder