5 matches found

Snyk
added 2026/03/11 12:37 a.m. | 2 views

Command Injection

Overview: @siteboon/claude-code-ui is a web-based UI for Claude Code CLI. Affected versions of this package are vulnerable to Command Injection through the authenticateWebSocket process and unsanitized input in the WebSocket shell handler. An attacker can execute arbitrary operating system...

9.8 CVSS | 6.1 AI score | 0.03433 EPSS
Exploits: 1 | References: 2
OSV
added 2026/03/11 12:37 a.m. | 5 views

GHSA-GV8F-WPM2-M5WR @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection

Download: cveclaudecodeuisubmissionv2.zip

Submission Info

| Field | Value |
|-------|-------|
| Package | @siteboon/claude-code-ui |
| Ecosystem | npm |
| Affected versions | =...

8.7 CVSS | 6.2 AI score | 0.03433 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/11 12:37 a.m. | 11 views

@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection

Download: cveclaudecodeuisubmissionv2.zip

Submission Info

| Field | Value |
|-------|-------|
| Package | @siteboon/claude-code-ui |
| Ecosystem | npm |
| Affected versions | =...

9.8 CVSS | 6 AI score | 0.03433 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/03/11 12:25 a.m. | 3 views

EUVD-2026-11265

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters...

9.1 CVSS | 5.8 AI score | 0.00437 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/11 12:25 a.m. | 1 views

GHSA-F2FC-VC88-6W7Q @siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters

Summary: Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters (file, branch, message, commit), allowing authenticated attackers to execute arbitrary OS commands. Details: The claudecodeui application provides Git integration through various API...

9.1 CVSS | 6.2 AI score | 0.00437 EPSS
Exploits: 0 | References: 4