28 matches found
Arbitrary Code Execution
Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...
EUVD-2011-1549
Malware in sbrugna...
EUVD-2020-27394
Malware in sbrugna...
CVE-2025-59536
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
Linux Distros Unpatched Vulnerability : CVE-2024-24821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation ...
PT-2025-5865 · Unknown · Netmod Vpn Client
Name of the Vulnerable Software and Affected Versions: NetMod VPN Client version 5.3.1 Description: The issue arises due to the improper validation of dynamically loaded libraries, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads...
CVE-2020-6244
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
CVE-2024-24821
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
CLSA-2023-1695319769 vim: Fix of CVE-2023-4736
CVE-2023-4736: improve search path to avoid run an executable in untrusted dir...
dotnet: RCE under dotnet commands
A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution...
SUSE CVE-2011-1550
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as...
PT-2022-7423 · Gnu Emacs +9 · Gnu Emacs +9
Name of the Vulnerable Software and Affected Versions: GNU Emacs versions through 28.2 Description: The issue is related to the incorrect neutralization of special elements in the lib-src/etags.c component of the ctags program in the EMACS text editor. This can allow an attacker to execute comman...
PT-2022-16856 · Stripe · Stripe Cli
Name of the Vulnerable Software and Affected Versions: Stripe CLI versions prior to 1.7.13 Description: A vulnerability exists in Stripe CLI on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are stripe login, stripe config -e, strip...
GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory
Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...
CVE-2020-6244
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
CVE-2020-6244
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
Code injection
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...
PT-2020-19040 · Sap · Sap Business Client
Name of the Vulnerable Software and Affected Versions: SAP Business Client version 7.0 Description: The issue allows an attacker, after a successful social engineering attack, to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to an...
Wireshark Lua Untrusted Search Path vulnerability
Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...
Wireshark Lua Untrusted Search Path vulnerability
Added: 11/25/2011 CVE: CVE-2011-3360 BID: 49528 OSVDB: 75347 Background Wireshark is a network packet analyzer. Problem A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path. Resolution Upgrade to...