Lucene search
K

321 matches found

Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.8 views

PT-2026-33758

Name of the Vulnerable Software and Affected Versions gnu sed versions prior to 4.10 Description A race condition exists when the software is invoked with both -i in-place edit and --follow-symlinks. The function open next file performs two separate, non-atomic filesystem operations on the same...

2.1CVSS5.5AI score0.00142EPSS
Exploits0References35
UbuntuCve
UbuntuCve
added 2026/04/19 12:0 a.m.10 views

CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References2
Veracode
Veracode
added 2026/02/17 10:55 a.m.11 views

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/02/10 1:34 a.m.8 views

[SECURITY] Fedora 43 Update: sad-0.4.32-4.fc43

Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.7 views

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS5.5AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 7:4 p.m.6 views

GHSA-MHG7-666J-CQG4 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/06 7:4 p.m.12 views

Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/06 6:15 p.m.8 views

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 5:52 p.m.7 views

EUVD-2026-5637

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS5.5AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 5:52 p.m.5 views

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS5.5AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 5:52 p.m.58 views

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 5:52 p.m.4 views

CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS5.9AI score0.00264EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 5:52 p.m.5 views

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/06 5:52 p.m.41 views

CVE-2026-25723

Claude Code prior to 2.0.55 allowed command validation bypass by piping sed via echo, enabling writes to the .claude directory and paths outside the project when the attacker could run commands with the "accept edits" feature enabled. The issue has been patched in 2.0.55. Affected software: Claud...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.11 views

PT-2026-6862

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

7.7CVSS5.7AI score0.00264EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

Claude Code 操作系统命令注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.55 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient validation of commands that utilized the echo...

7.7CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.13 views

PT-2026-6764

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.55 Description Claude Code, an agentic coding tool, exhibited a flaw in command validation. Specifically, the software did not adequately validate commands utilizing piped sed operations with the echo command...

7.7CVSS5.7AI score0.00264EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 7 : httpd-2.4.6-99.1.0.7.el7.AXS7 (AXSA:2025-9722:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9722:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security fixes: - CVE-2022-30522: fix possible DoS CVEs: CVE-2022-30522 If Apache...

7.5CVSS8AI score0.90407EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/22 1:17 a.m.6 views

CVE-2025-64755

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31...

9.8CVSS7.3AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 2:15 a.m.13 views

CVE-2025-64755

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31...

9.8CVSS0.00403EPSS
Exploits0References1
Rows per page
Query Builder