Lucene search
K

28 matches found

Veracode
Veracode
added 2026/03/06 11:2 a.m.5 views

Arbitrary Code Execution

Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...

9.8CVSS6AI score0.0045EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1549

Malware in sbrugna...

6.3CVSS6.1AI score0.00389EPSS
Exploits0References37
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27394

Malware in sbrugna...

7.8CVSS7AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2025/10/03 7:15 a.m.4 views

CVE-2025-59536

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

8.8CVSS0.30227EPSS
Exploits6References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-24821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation ...

8.8CVSS8.3AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.3 views

PT-2025-5865 · Unknown · Netmod Vpn Client

Name of the Vulnerable Software and Affected Versions: NetMod VPN Client version 5.3.1 Description: The issue arises due to the improper validation of dynamically loaded libraries, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads...

7.3CVSS8.2AI score0.00344EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/05 2:38 p.m.13 views

CVE-2020-6244

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

7.8CVSS6.8AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:22 a.m.6 views

CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

8.8CVSS8.8AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2023/09/21 6:9 p.m.8 views

CLSA-2023-1695319769 vim: Fix of CVE-2023-4736

CVE-2023-4736: improve search path to avoid run an executable in untrusted dir...

7.8CVSS7.3AI score0.00486EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/08/14 3:3 p.m.8 views

dotnet: RCE under dotnet commands

A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution...

7.8CVSS6.2AI score0.02471EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1550

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as...

6.3CVSS6.7AI score0.0035EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/11/27 12:0 a.m.3 views

PT-2022-7423 · Gnu Emacs +9 · Gnu Emacs +9

Name of the Vulnerable Software and Affected Versions: GNU Emacs versions through 28.2 Description: The issue is related to the incorrect neutralization of special elements in the lib-src/etags.c component of the ctags program in the EMACS text editor. This can allow an attacker to execute comman...

9.8CVSS7.6AI score0.01639EPSS
Exploits0References95
Positive Technologies
Positive Technologies
added 2022/03/09 12:0 a.m.7 views

PT-2022-16856 · Stripe · Stripe Cli

Name of the Vulnerable Software and Affected Versions: Stripe CLI versions prior to 1.7.13 Description: A vulnerability exists in Stripe CLI on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are stripe login, stripe config -e, strip...

7.7CVSS7.7AI score0.00329EPSS
Exploits0References9
OSV
OSV
added 2022/02/11 11:41 p.m.12 views

GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory

Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...

7.1AI score
Exploits0References1
OSV
OSV
added 2020/05/12 6:15 p.m.3 views

CVE-2020-6244

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

7.8CVSS7.1AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2020/05/12 6:15 p.m.25 views

CVE-2020-6244

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

7.8CVSS7.1AI score0.00323EPSS
Exploits0References2
Prion
Prion
added 2020/05/12 6:15 p.m.23 views

Code injection

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

4.4CVSS7.5AI score0.00323EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/12 12:0 a.m.5 views

PT-2020-19040 · Sap · Sap Business Client

Name of the Vulnerable Software and Affected Versions: SAP Business Client version 7.0 Description: The issue allows an attacker, after a successful social engineering attack, to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to an...

7.8CVSS6.9AI score0.00323EPSS
Exploits0References5
Saint
Saint
added 2011/11/25 12:0 a.m.44 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

9.3CVSS7.5AI score0.35528EPSS
Exploits9
Saint
Saint
added 2011/11/25 12:0 a.m.38 views

Wireshark Lua Untrusted Search Path vulnerability

Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...

9.3CVSS7.6AI score0.35528EPSS
Exploits9
Rows per page
Query Builder