CVE-2026-2208

WeKan up to version 8.20 contains a vulnerability in the Rules Handler, specifically an unknown function within server/publications/rules.js that allows missing authorization. The issue can be exploited remotely, enabling an attacker to access without proper authorization. It is mitigated by upda...

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the Rules Handler component’s file server/publications/rules.js file, which could lead to lack of...

PT-2026-6947

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.21 Description A security issue exists in WeKan related to missing authorization within the Rules Handler component. The problem resides in an unknown function of the file server/publications/rules.js. This can be...

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

Antrea has invalid enforcement order for network policy rules caused by integer overflow

Impact Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. If a user creates ...

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

Claude Code has Permission Deny Bypass Through Symbolic Links

Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

CVE-2026-25724

Claude Code has a permission-deny bypass flaw via symbolic links. Prior to version 2.1.7, if access to a file (e.g., /etc/passwd) was denied but Claude Code could reach a symlink to that file, the tool could read the restricted file without enforcing the deny rule. The issue has been patched in v...

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

EUVD-2026-5614

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

CVE-2026-25724 Claude Code Has Permission Deny Bypass Through Symbolic Links

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a...

Claude Code 授权问题漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.1.7 had an authorization issue vulnerability. This vulnerability occurred due to the failure to strictly enforce the denial rules configured in settings.json when accessing...

PT-2026-6850

Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude...

PT-2026-6765

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.7 Description Claude Code, an agentic coding tool, did not properly enforce deny rules defined in the settings.json file when handling symbolic links. Specifically, if access to a file like /etc/passwd was...

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules...

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

WordPress MyRewards plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin MyRewards versions = 5.6.1...

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...