8229 matches found
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
PT-2025-47513
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...
Debian: Security Advisory (DLA-4371-1)
The remote host is missing an update for the Debian...
Fedora 43 : bind9-next (2025-b68f7f541d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b68f7f541d advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...
[SECURITY] [DLA 4371-1] gst-plugins-base1.0 security update
Debian LTS Advisory DLA-4371-1 [email protected] https://www.debian.org/lts/security/ Jeremy Bícha November 14, 2025 https://wiki.debian.org/LTS Package : gst-plugins-base1.0 Version : 1.18.4-2+deb11u4 CVE ID : CVE-2025-47806 CVE-2025-47807 CVE-2025-47808 Multiple vulnerabilities were...
CLSA-2025-1763139214 gstreamer1-plugins-base: Fix of CVE-2024-47615
CVE-2024-47615: fix OOB-Write in gstparsevorbissetuppacket by validating integer size input to prevent memory corruption...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28645)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a memory information disclosure...
Adobe Format Plugins Out-of-Bounds Read Vulnerability
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause code execution in the current user's environment...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28643)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Adobe Format Plugins Heap Buffer Overflow Vulnerability (CNVD-2025-28639)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
DLA-4371-1 gst-plugins-base1.0 - security update
Bulletin has no description...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28644)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Adobe Format Plugins Memory Misreference Vulnerability
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from a memory misreference vulnerability that can be exploited by attackers to cause memory exposure and information disclosure...
Debian dla-4371 : gir1.2-gst-plugins-base-1.0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4371 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4371-1 [email protected]...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28642)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28641)
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to disclose sensitive information stored in memory...
Adobe Format Plugins Heap Buffer Overflow Vulnerability
Adobe Format Plugins is a format plug-in from the American company Adobe. Adobe Format Plugins suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge: Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...
Adobe USD-Fileformat-plugins Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t...