237 matches found
EUVD-2022-44270
Malicious code in bioql PyPI...
EUVD-2025-17326
Malicious code in bioql PyPI...
EUVD-2022-44233
Malicious code in bioql PyPI...
EUVD-2022-44256
Malicious code in bioql PyPI...
EUVD-2022-44238
Malicious code in bioql PyPI...
CVE-2025-58764
Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...
CVE-2025-58370
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...
CVE-2025-58370
Roo Code (AI-powered coding agent) versions prior to 3.26.0 contain a vulnerability in the command parsing logic where Bash parameter expansion and indirect references are not handled correctly. If prompts allow auto-approval of commands, an attacker who can influence prompts could cause the agen...
CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...
PT-2025-36338
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.26.0 Description: Roo Code is an AI-powered autonomous coding agent. A weakness exists in the command parsing logic due to incorrect handling of Bash parameter expansion and indirect reference. If the agent was...
PT-2025-31835
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.20 Claude Code versions prior to 1.0.24 Description Claude Code is an agentic coding tool. An error in command parsing allows bypassing the confirmation prompt, leading to the execution of untrusted commands...
CVE-2025-5747
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2025-5747 WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2025-5747
CVE-2025-5747 affects WOLFBOX Level 2 EV Charger MCU command parsing. The flaw is in how command frames are parsed: the process fails to reliably detect the start of a frame, enabling misinterpretation of input. This can allow network-adjacent attackers to execute arbitrary code within the device...
CVE-2025-5747 WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2024-20843
Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2022-20221
In avrcctrlparsvendorcmd of avrcparsct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-39202
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
RockyLinux 9 : traceroute (RLSA-2024:2483)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2483 advisory. traceroute: improper command line parsing CVE-2023-46316 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Not...
(Pwn2Own) Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT commands...