
35 matches found

RedhatCVE
added 2026/04/03 4:59 p.m., 4 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

CVSS 5.1, AI score 6.2, EPSS 0.00266
Exploits 0, References 1
NVD
added 2026/04/02 2:16 p.m., 4 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

CVSS 5.1, EPSS 0.00266
Exploits 0, References 2
Positive Technologies
added 2026/04/02 12:00 a.m., 5 views

PT-2026-29741

Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

CVSS 5.1, AI score 6.2, EPSS 0.00266
Exploits 0, References 3
GithubExploit
added 2026/03/10 5:04 a.m., 122 views

Exploit for Code Injection in Anthropic Claude_Code

Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...

CVSS 8.8, AI score 6.2, EPSS 0.29287
Exploits 6
GithubExploit
added 2026/03/03 12:45 p.m., 222 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-PENDING: MCP Tool Confirmation Prompt Misrepresentation in...

CVSS 8.8, AI score 6.2, EPSS 0.29287
Exploits 6
Cvelist
added 2026/02/19 10:24 p.m., 20 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVSS 7.1, EPSS 0.00426
Exploits 0, References 3
OSV
added 2026/02/19 10:24 p.m., 6 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVSS 7.1, AI score 6, EPSS 0.00426
Exploits 0, References 5
OSV
added 2026/02/03 7:33 p.m., 2 views

GHSA-QGQW-H4XQ-7W8W Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude...

CVSS 7.7, AI score 5.8, EPSS 0.00562
Exploits 1, References 3
Veracode
added 2025/10/23 8:19 a.m., 8 views

Improper Input Validation

@anthropic-ai/claude-code is vulnerable to Improper Input Validation. The vulnerability is due to an error in command parsing that allows an attacker to bypass the confirmation prompt and trigger execution of untrusted commands by injecting malicious content into a Claude Code context window...

CVSS 9.8, AI score 7.5, EPSS 0.00512
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-18162

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.01222
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-7442

Malicious code in bioql PyPI...

CVSS 7.1, AI score 5.5, EPSS 0.0023
Exploits 0, References 2
CVE
added 2025/09/10 3:06 p.m., 17 views

CVE-2025-58764

Summary for CVE-2025-58764 (Claude Code): A command-parsing error in Claude Code allowed bypassing the confirmation prompt and executing an untrusted command when an attacker can inject untrusted content into a Claude Code context window. This affects versions prior to 1.0.105. Exploitation requi...

CVSS 9.8, AI score 6.5, EPSS 0.00512
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2025/09/10 12:00 a.m., 5 views

PT-2025-37055

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105 Description: Claude Code is an agentic coding tool. A flaw in command parsing allowed a bypass of the Claude Code confirmation prompt, potentially triggering the execution of untrusted commands...

CVSS 8.7, AI score 6.7, EPSS 0.00512
Exploits 0, References 7
Positive Technologies
added 2025/08/02 12:00 a.m., 6 views

PT-2025-31835

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.20; Claude Code versions prior to 1.0.24. Description: Claude Code is an agentic coding tool. An error in command parsing allows bypassing the confirmation prompt, leading to the execution of untrusted commands...

CVSS 10, AI score 6, EPSS 0.00944
Exploits 0, References 29
RedhatCVE
added 2025/05/23 4:35 a.m., 5 views

CVE-2023-41057

hyper-bump-it is a command line tool for updating the version in project files. hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

CVSS 5.5, AI score 6.8, EPSS 0.00336
Exploits 1
RedhatCVE
added 2025/05/23 1:19 a.m., 7 views

CVE-2022-3750

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation...

CVSS 4.7, AI score 6.9, EPSS 0.00355
Exploits 1, References 1
SUSE CVE
added 2025/03/07 2:38 a.m., 3 views

SUSE CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability was fixed in Firefox 136...

CVSS 7.1, AI score 6, EPSS 0.0023
Exploits 0, References 4
RedhatCVE
added 2025/03/04 4:57 p.m., 14 views

CVE-2025-1940

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly...

CVSS 5.4, AI score 6.2, EPSS 0.0023
Exploits 0, References 5
AlpineLinux
added 2025/03/04 2:15 p.m., 3 views

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...

CVSS 7.1, AI score 6, EPSS 0.0023
Exploits 0, References 2
NVD
added 2025/03/04 2:15 p.m., 8 views

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability was fixed in Firefox 136...

CVSS 7.1, EPSS 0.0023
Exploits 0, References 2