CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•7 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

The Hacker News•added 4 days ago•13 views

Exploits1References1

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and...

5.9AI score

Snyk•added 5 days ago•3 views

Malicious Package

Overview @tmecontinue/claude is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

HackRead•added last week•9 views

Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection...

5.8AI score

Packet Storm News•added 2026/05/30 12:0 a.m.•6 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score

OSV•added 2026/05/29 8:48 a.m.•8 views

BIT-MLFLOW-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.6AI score0.00036EPSS

The Hacker News•added 2026/05/28 1:33 p.m.•15 views

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...

9.8CVSS6.5AI score0.1439EPSS

Exploits1

GithubExploit•added 2026/05/27 11:40 p.m.•72 views

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

6AI score

NVD•added 2026/05/27 9:16 p.m.•9 views

CVE-2026-45136

8.6CVSS0.00018EPSS

Vulnrichment•added 2026/05/27 8:48 p.m.•6 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

EUVD•added 2026/05/27 8:48 p.m.•6 views

EUVD-2026-32664

Cvelist•added 2026/05/27 8:48 p.m.•36 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

8.6CVSS0.00018EPSS

CVE•added 2026/05/27 8:48 p.m.•10 views

CVE-2026-45136

Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...