Lucene search

30 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in WebApp installations in Google Chrome prior to version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass the installation dialog through a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 7.3 AI score | 0.00681 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/02 12:31 a.m. | 15 views

EUVD-2025-210010

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

5.9 AI score | 0.00068 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/01 10:16 p.m. | 9 views

CVE-2025-26418

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8 CVSS | 0.00068 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/01 9:14 p.m. | 11 views

CVE-2025-26418

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

5.9 AI score | 0.00068 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/05 8:52 p.m. | 9 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/05 8:52 p.m. | 58 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7 CVSS | 0.00281 EPSS
Exploits: 0 | References: 1
OSV
added 2026/04/24 4:34 p.m. | 4 views

GHSA-Q5HJ-MXQH-VV77 Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...

7.7 CVSS | 5.9 AI score | 0.00281 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/04/24 4:34 p.m. | 36 views

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents. By crafting a repository with a commondir file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks...

8.8 CVSS | 5.6 AI score | 0.00281 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/03/20 9:16 a.m. | 14 views

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

8.8 CVSS | 0.00337 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/03/19 12:42 p.m. | 16 views

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed...

8.8 CVSS | 5.9 AI score | 0.00337 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/02 7:16 p.m. | 7 views

CVE-2026-0020

In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

8.4 CVSS | 5.9 AI score | 0.00098 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2022-7410

Malicious code in bioql PyPI...

4.7 CVSS | 5 AI score | 0.00421 EPSS
Exploits: 0 | References: 6
OSV
added 2025/09/24 6:57 p.m. | 3 views

GHSA-2JJV-QF24-VFM4 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

7.7 CVSS | 7.2 AI score | 0.00341 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/03/26 12:00 a.m. | 17 views

Splunk Cloud Platform and Splunk Enterprise Input Validation Error Vulnerability

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. An input validation error vulnerability exists...

4.3 CVSS | 6.6 AI score | 0.00386 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2024/12/05 11:18 a.m. | 2 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8 CVSS | 7.4 AI score | 0.00762 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2024/12/03 2:05 p.m. | 3 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8 CVSS | 7.4 AI score | 0.00762 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2024/12/03 1:47 a.m. | 4 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8 CVSS | 7.4 AI score | 0.00762 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2024/12/02 5:16 p.m. | 3 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8 CVSS | 7.4 AI score | 0.00762 EPSS
Exploits: 0 | References: 9
RedHat Linux
added 2024/12/02 1:57 a.m. | 4 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8 CVSS | 7.4 AI score | 0.00762 EPSS
Exploits: 0 | References: 9
SUSE CVE
added 2023/05/17 1:47 a.m. | 2 views

SUSE CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 8.5 AI score | 0.00681 EPSS
Exploits: 0 | References: 6