CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-cd0705c6a7)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-cd0705c6a7 advisory. nginx-mod-naxsi: - Rebuild for 1.28.2 nginx-mod-brotli: - Rebuild for 1.28.2 nginx-mod-fancyindex: - Rebuild for 1.28.2 nginx-mod-modsecurity: - Rebuild for...

Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...

GHSA-66Q4-VFJG-2QHH Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...

CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

CVE-2026-25722

CVE-2026-25722 affects Claude Code prior to version 2.0.57. The root cause is improper validation of directory changes during write operations to protected folders, allowing an attacker to use the cd command to navigate to sensitive directories (e.g., .claude) and bypass write protections to crea...

CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...

Claude Code 操作系统命令注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.57 contained a vulnerability related to operating system command injection. This vulnerability arose from an inability to properly validate directory changes in conjuncti...

EUVD-2001-1126

Malware in sbrugna...

EUVD-2006-1252

Malware in sbrugna...

EUVD-2025-16506

Malicious code in bioql PyPI...

EUVD-2022-7172

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-20001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository...

EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1964)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...

CVE-2022-42906

powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version v9.6, which can be exploited to bypass protection by changing the root folder to /, allowing an attacker to read arbitrary files on the system...

CVE-2023-41793 Path Traversal and Untrusted Upload File

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through 776...

device-mapper-multipath security and bug fix update

0.8.7-20 - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change how the installation dir for kpartxid is specified - Resolves: bz 1926147 0.8.7-19 - Fix bugzilla linked to the changes was previously link...

SUSE CVE-2022-20001

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...

CVE-2022-42906

powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...