21 matches found
GHSA-MHG7-666J-CQG4 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
EUVD-2026-5637
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25723
Claude Code prior to 2.0.55 allowed command validation bypass by piping sed via echo, enabling writes to the .claude directory and paths outside the project when the attacker could run commands with the "accept edits" feature enabled. The issue has been patched in 2.0.55. Affected software: Claud...
PT-2026-6862
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
PT-2026-6764
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.55. Description: Claude Code, an agentic coding tool, exhibited a flaw in command validation. Specifically, the software did not adequately validate commands utilizing piped sed operations with the echo command...
EUVD-2021-19280
Malware in sbrugna...
EUVD-2025-28138
Malicious code in bioql PyPI...
GHSA-MJ2C-8HXF-FFVQ Cocotais Bot has builtin .echo command injection
Summary: A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, a command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
CVE-2025-47948 Cocotais Bot has builtin .echo command injection
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, a command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...
TOTOLINK Wireless Routers Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.', 'Description' = %q Multiple TOTOLINK...
TrendNet TW100-S4W1CA Cross-Site Scripting Vulnerability
The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site scripting vulnerability exists in TrendNet TW100-S4W1CA version 2.3.32. The vulnerability can be exploited to inject arbitrary JavaScript into the router's web interface via the echo command...
Webmin 1.920 - Remote Code Execution
#!/bin/sh CVE-2019-15107 Webmin Unauthenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html Alternative advisory Spanish:...
Netcore Router Udp 53413 Backdoor
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Netcore Router Udp 53413 Backdoor', 'Description' = %q Routers manufactured by Netcore, a popular brand for networking equipmen...
Echo Command Encoder
This encoder uses echo and backslash escapes to avoid commonly restricted characters. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Echo Command Encoder', 'Description' = %q This encoder uses...
Do All in Cmd Shell-vulnerability warning-the black bar safety net
Contents: 1. Preface; 2. File transmission; 3. System configuration; 4. Network configuration; 5. Software installation; 6. Windows Script; 7. Accompanying statement. Foreword: Cmd Shell (command-line interaction) is an eternal topic in hacking, with a long and enduring history. This article is...