1shot (>=0.0.1 <=0.0.9), @4via6/relay (>=1.0.0 <=1.2.0) +363 more potentially affected by CVE-2026-33068 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.52)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-33068 Source advisory: OSV:GHSA-MMGP-WC2J-QCV7...

1shot (>=0.0.1 <=0.0.9), @4via6/relay (>=1.0.0 <=1.2.0) +362 more potentially affected by CVE-2026-25725 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.15)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-25725 Source advisory: OSV:GHSA-FF64-7W26-62RF...

1shot (>=0.0.1 <=0.0.9), @4via6/relay (>=1.0.0 <=1.2.0) +363 more potentially affected by CVE-2026-25724 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-25724 Source advisory: OSV:GHSA-4Q92-RFM6-2CQX...

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +229 more potentially affected by CVE-2026-25723 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.51)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-25723 Source advisory: OSV:GHSA-MHG7-666J-CQG4...

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.0.0-broken <=1.58.3) +16 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.69)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.0.0-broken, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =0.11.2 - happyzebra-cli =0.11.2 and more Source cves: CVE-2026-24053 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15202063...

@circleci/agents (>=2.13.0-canary.3413b9c <=2.13.2-canary.8150572), @zed-industries/claude-code-acp (>=0.4.2 <=0.4.3) +1 more potentially affected by CVE-2025-59829 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.119)

@anthropic-ai/claude-code NPM version =1.0.108, =2.13.0-canary.3413b9c, =0.4.2, =0.1.51, =0.1.56 Source cves: CVE-2025-59829 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13299550...

@4via6/relay (>=1.0.0 <=1.1.3), @axonpush/wizard (>=0.0.1 <=0.0.4) +12 more potentially affected by CVE-2025-59536 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.108)

@anthropic-ai/claude-code NPM version =0.2.126, =1.0.0, =0.0.1, =0.0.55, =1.0.0, =0.0.1, =0.0.1, =1.8.0, =0.1.51, =1.4.0, =0.0.1, =0.0.1, =0.0.5 Source cves: CVE-2025-59536 Source advisory: OSV:GHSA-4FGQ-FPQ9-MR3G...

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

Malicious code in code-versions (npm)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: A Vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2017-6056 could allow a remote attacker to wage a denial of service attack. Vulnerability Details CVEID: CVE-2017-6056 DESCRIPTION: Apach...

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)

Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system...

Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900

Summary A vulnerability exists in the IBM FlashSystem 900 restricted shell CVE-2021-29873. An exploit of this vulnerability could allow an authenticated attacker to access sensitive information or cause a denial of service. Vulnerability Details CVEID: CVE-2021-29873 DESCRIPTION: IBM Flash System...

Cross site scripting

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Security Bulletin: A Vulnerability in Java affects the IBM FlashSystem models V840 and V9000

Summary There is a vulnerability in Java to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2019-2602. An exploit of CVE-2019-2602 could make the system susceptible to a denial of service attack. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability affects the IBM FlashSystem V840

Summary There is a vulnerability to which the FlashSystem™ V840 is susceptible. An exploit of this vulnerability could make the system subject to an attack where an unauthenticated user could download arbitrary files form the operating system. Vulnerability Details CVEID: CVE-2018-1775 DESCRIPTIO...

shop.pl.txt

Hassan Consulting's Shopping Cart Version 1.x shopping cart issues. Simple Path disclosure, directory transversal with file read ability, and listing of files in all directorys in somecases. Just depends on version of the code. VENDOR of SHOP.pl --^ Multiple holes at various patchlevels...