13 matches found

Veracode
added 2026/03/31 11:2 a.m. | 1 views

Arbitrary Code Execution.

@anthropic-ai/claude-code is vulnerable to Arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...

CVSS 9.8 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2025/12/08 12:0 a.m. | 1 views

Claude Code Code Execution Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

CVSS 9.8 | AI score 8.6 | EPSS 0.00039
Exploits: 0 | References: 1

CNNVD
added 2025/12/03 12:0 a.m. | 2 views

Claude Code Command Injection Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

CVSS 9.8 | AI score 8.5 | EPSS 0.00039
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-1999-1449

Malware in sbrugna...

CVSS 6.2 | AI score 6.4 | EPSS 0.00632
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-6568

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-37154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS. This has been...

CVSS 8.4 | AI score 6 | EPSS 0.00082
Exploits: 0 | References: 3

Hacker One
added 2025/08/12 8:35 a.m. | 19 views

curl: Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)

In the curl source repository, the OS400 initialization script packages/OS400/make-incs.sh modifies the global shell variable IFS (Internal Field Separator) without local scoping or restoration. This pattern exposes users and CI/CD systems to unintended parsing, command injection, and logic errors ...

AI score 7.3
Exploits: 0

CVE
added 2025/03/17 3:5 p.m. | 47 views

CVE-2025-1774

CVE-2025-1774 is a string-encoding vulnerability in NASK - PIB BotSense where an additional field separator character or value can be injected into generated events’ extraData. Affected versions are BotSense before 2.8.0. Root cause: incorrect string encoding that allows extra separators/values t...

CVSS 6.3 | AI score 7.3 | EPSS 0.00163
Exploits: 0 | References: 3

0day.today
added 2015/02/26 12:0 a.m. | 20 views

WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection Vulnerability

Exploit for php platform in category web applications. Exploit Title: WordPress: Webdorado Spider Event Calendar = 1.4.9 SQL Injection Date: 2015-02-12 Exploit Author: Mateusz Lach Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com Software Link:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

NitroSecurity ESM 8.4.0a - Remote Code Execution

No description provided by source. -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that...

AI score 7.1
Exploits: 0

CVE
added 2005/04/21 4:0 a.m. | 45 views

CVE-1999-1580

CVE-1999-1580 affects SunOS sendmail 5.59–5.65. The bug arises from using popen to process a forwarding host argument, enabling local users to gain root privileges by manipulating the IFS variable and passing crafted values to the -oR option. This creates a local privilege escalation vector. Publ...

CVSS 7.2 | AI score 6.8 | EPSS 0.00708
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2003/04/02 5:0 a.m. | 16 views

CVE-1999-1468

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable...

AI score 6.9 | EPSS 0.00632
Exploits: 0 | References: 5

NVD
added 1995/08/23 4:0 a.m. | 4 views

CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option...

CVSS 7.2 | EPSS 0.00708
Exploits: 1 | References: 5