Malicious code in @jonusnattapong/claudecode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a08b3e13079279fb9dce40859dd868b0953bec139996eb7ac915a7dc415b29c Package is a third-party reconstruction of Anthropic's Claude Code CLI that misrepresents itself as the official product. package.json describes itse...

CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

CVE-2026-41246

A flaw was found in Contour, a Kubernetes ingress controller. An attacker with Role-Based Access Control RBAC permissions to manage HTTPProxy resources can exploit a Lua code injection vulnerability within Contour's Cookie Rewriting feature. By crafting a malicious value in specific configuration...

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

VulnCheck KEV: CVE-2023-31059

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php...