120819 matches found
CVE-2025-66032
Claude Code (the agentic coding tool) is affected by a vulnerability in versions prior to 1.0.93 where errors in parsing shell commands related to $IFS and short CLI flags allow bypassing the read-only validation and may enable arbitrary code execution. Exploitation requires the attacker to intro...
EUVD-2025-201016
Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...
CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...
CVE-2025-54065
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
EUVD-2025-201101
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
Arbitrary Code Injection
Overview: next is a React framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code on the server by sending malicious HT...
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...
GHSA-XQ4M-MC3C-VVG3 Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...
GZDoom Security Vulnerability
GZDoom is a feature-centric, open source port based on ZDoom for all Doom engine games. A security vulnerability exists in GZDoom 4.14.2 and earlier versions, which stems from improper handling of the ZScript actor state and could lead to the execution of arbitrary code...
PT-2025-48985
Name of the Vulnerable Software and Affected Versions: Pepper language version 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Description: A heap buffer overflow exists in the compiler.c and compiler.h files. Malicious execution of a Pepper source file (.pr) could lead to arbitrary code executi...
Grav Server-Side Template Injection Vulnerability
Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...
AVTech DGM1104 Security Vulnerability
AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which originates from an authenticated command injection in the NetFailDetectD binary file, and could lead to the executi...
Pepper Programming Language Security Vulnerability
Pepper Programming Language is an interpreted programming language from the Dutch individual developer Danny van Kooten. A security vulnerability exists in Pepper Programming Language version 0.1.1commit, which originates from a heap buffer overflow and could lead to the execution of arbitrary co...
CVE-2025-50360
Pepper language 0.1.1commit (commit 961a5d9988c5986d563310275adad3fd181b2bb7) contains a heap buffer overflow in compiler.c and compiler.h. Malicious Pepper source files (.pr) could cause arbitrary code execution or Denial of Service. Several connected sources (including Red Hat, EUVD-ENISA, NVD/...
PT-2025-48964
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : CUPS vulnerability (USN-7897-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7897-1 advisory. It was discovered that CUPS incorrectly handled input from users in the web configuration settings...
Debian dsa-6065 : krita - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6065 advisory. Debian Security Advisory DSA-6065-1 https://www.debian.org/security/...
CVE-2025-64772
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...