CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

The Hacker News•added 2026/03/26 1:11 p.m.•7 views

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them,...

6AI score

Exploits0

Veracode•added 2025/09/08 6:19 a.m.•1 views

Improper Input Validation

@anthropic-ai/claude-code is vulnerable to improper input validation. The vulnerability is due to an overly broad allowlist of safe commands, which allows an attacker to bypass confirmation prompts, read file contents, and exfiltrate them over the network without user confirmation...

7.5CVSS6.8AI score0.00137EPSS

Exploits0References2Affected Software1

Snyk•added 2025/08/18 6:46 p.m.•2 views

Command Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via an overly...

7.1CVSS7.2AI score0.00137EPSS

Exploits0References2

RedhatCVE•added 2025/08/18 1:34 a.m.•3 views

CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

7.1CVSS7.3AI score0.00137EPSS

Exploits0References1