471 matches found

Snyk
added 2026/01/21 1:0 a.m. | 8 views

Insufficiently Protected Credentials

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insufficiently Protected...

CVSS 7.5 | AI score 6.1 | EPSS 0.2297
Exploits: 2 | References: 2

vulnersOsv
added 2026/01/21 1:0 a.m. | 10 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +234 more potentially affected by CVE-2026-21852 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.64)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-21852 Source advisory: OSV:GHSA-JH7P-QR78-84P7...

CVSS 7.5 | AI score 6 | EPSS 0.2297
Exploits: 2

vulnersOsv
added 2026/01/21 1:0 a.m. | 17 views

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.58.1-alpha) +14 more potentially affected by CVE-2026-21852 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.64)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =0.10.2, =0.11.5-2 and more Source cves: CVE-2026-21852 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15046268...

CVSS 7.5 | AI score 6 | EPSS 0.2297
Exploits: 2

OSV
added 2026/01/21 1:0 a.m. | 20 views

GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controlled repository, and the repository included a settings file that set ANTHROPIC_BASE_URL...

CVSS 5.3 | AI score 5.7 | EPSS 0.2297
Exploits: 2 | References: 3

Github Security Blog
added 2026/01/21 1:0 a.m. | 14 views

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controlled repository, and the repository included a settings file that set ANTHROPIC_BASE_URL...

CVSS 7.5 | AI score 5.6 | EPSS 0.2297
Exploits: 2 | References: 3 | Affected Software: 1

CNNVD
added 2026/01/21 12:0 a.m. | 6 views

Claude Code security vulnerabilities

Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.65 contained security vulnerabilities. These vulnerabilities stemmed from the project’s loading process, which allowed malicious repositories to leak data before the user confirmed trust...

CVSS 7.5 | AI score 6 | EPSS 0.2297
Exploits: 2 | References: 2

Positive Technologies
added 2026/01/21 12:0 a.m. | 17 views

PT-2026-3758

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.65. Description: A flaw in the project-load flow of Claude Code allows malicious repositories to exfiltrate sensitive data, such as Anthropic API keys, before a user confirms trust. An attacker can achieve this ...

CVSS 7.5 | AI score 6.2 | EPSS 0.2297
Exploits: 2 | References: 77

GithubExploit
added 2026/01/09 11:27 a.m. | 217 views

ntree

NTREE v2.0 - Neural Tactical Red-Team Exploitation Engine C...

AI score 7.3
Exploits: 0

GithubExploit
added 2026/01/05 9:46 a.m. | 149 views

AI-Vuln-Reproduce

AI-Vuln-Reproduce AI Fully Automated Vulnerability Reproducti...

AI score 6
Exploits: 0

Packet Storm News
added 2025/12/19 12:0 a.m. | 15 views

RAPTOR - Autonomous Offensive/Defensive Security Research Framework

RAPTOR is an autonomous offensive/defensive security research framework, based on Claude Code. It empowers security research with agentic workflows and automation. RAPTOR stands for Recursive Autonomous Penetration Testing and Observation Robot...

AI score 6.9
Exploits: 0

Packet Storm News
added 2025/12/11 12:0 a.m. | 21 views

Automated Penetration Testing with LLM Agents and Classical Planning

While penetration testing plays a vital role in cybersecurity, achieving fully automated, hands-off-the-keyboard execution remains a significant research challenge. In this paper, we introduce the "Planner-Executor-Perceptor (PEP)" design paradigm and use it to systematically review existing work a...

AI score 7.1
Exploits: 0

CNVD
added 2025/12/08 12:0 a.m. | 2 views

Claude Code Code Execution Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

CVSS 9.8 | AI score 8.6 | EPSS 0.00628
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/05 7:27 p.m. | 3 views

CVE-2025-66032

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 9.8 | AI score 7.6 | EPSS 0.00628
Exploits: 0 | References: 4

NVD
added 2025/12/03 7:15 p.m. | 4 views

CVE-2025-66032

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 9.8 | EPSS 0.00628
Exploits: 0 | References: 1

Cvelist
added 2025/12/03 6:16 p.m. | 11 views

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 8.7 | EPSS 0.00628
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/03 6:16 p.m. | 4 views

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 8.7 | AI score 7.7 | EPSS 0.00628
Exploits: 0 | References: 1

CVE
added 2025/12/03 6:16 p.m. | 14 views

CVE-2025-66032

Claude Code (the agentic coding tool) is affected by a vulnerability in versions prior to 1.0.93 where errors in parsing shell commands related to $IFS and short CLI flags allow bypassing the read-only validation and may enable arbitrary code execution. Exploitation requires the attacker to intro...

CVSS 9.8 | AI score 7.7 | EPSS 0.00628
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/12/03 6:16 p.m. | 4 views

CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 8.7 | AI score 6.1 | EPSS 0.00628
Exploits: 0 | References: 3

Snyk
added 2025/12/03 4:27 p.m. | 4 views

Arbitrary Argument Injection

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Argument Injection vi...

CVSS 9.8 | AI score 8.1 | EPSS 0.00628
Exploits: 0 | References: 2

vulnersOsv
added 2025/12/03 4:27 p.m. | 6 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +211 more potentially affected by CVE-2025-66032 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.90)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-66032 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-14176027...

CVSS 9.8 | AI score 5.7 | EPSS 0.00628
Exploits: 0