Positive Technologies, added 2026/02/06 12:00 a.m.

PT-2026-6858

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...

CVSS 7.7 | AI score 5.7 | EPSS 0.00416
Exploits: 0 | References: 4
OSV, added 2026/02/03 7:15 p.m.

GHSA-VHW5-3G5M-8GGF Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io); this could have enabled attackers to register domains like...

CVSS 7.1 | AI score 5.5 | EPSS 0.00338
Exploits: 0 | References: 3
GitHub Security Blog, added 2026/02/03 7:15 p.m.

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io); this could have enabled attackers to register domains like...

CVSS 7.4 | AI score 5.5 | EPSS 0.00338
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies, added 2026/02/03 12:00 a.m.

PT-2026-6464

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

CVSS 7.7 | AI score 5.7 | EPSS 0.00464
Exploits: 0 | References: 4
OSV, added 2026/01/21 1:00 a.m.

GHSA-JH7P-QR78-84P7 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data, including Anthropic API keys, before users confirmed trust. If a user started Claude Code in an attacker-controlled repository, and the repository included a settings file that set ANTHROPIC_BASE_URL...

CVSS 5.3 | AI score 5.7 | EPSS 0.2297
Exploits: 2 | References: 3
RedhatCVE, added 2026/01/09 9:00 a.m.

CVE-2023-50926

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message...

CVSS 7.5 | AI score 6.5 | EPSS 0.0053
Exploits: 0 | References: 1
Positive Technologies, added 2026/01/05 12:00 a.m.

PT-2026-1287

Name of the Vulnerable Software and Affected Versions: Centreon Infra Monitoring versions 25.10.0 through 25.10.0; Centreon Infra Monitoring versions 24.10.0 through 24.10.3; Centreon Infra Monitoring versions 24.04.0 through 24.04.7. Description: The software contains an Improper Neutralization of...

CVSS 6.8 | AI score 5.3 | EPSS 0.00163
Exploits: 0 | References: 4
Positive Technologies, added 2025/12/27 12:00 a.m.

PT-2025-53614

Name of the Vulnerable Software and Affected Versions: Eigent version 0.0.60. Description: Eigent is a multi-agent Workforce platform. A 1-click Remote Code Execution (RCE) issue exists in version 0.0.60, allowing an attacker to execute arbitrary code on a victim's machine or server through a specific...

CVSS 9.3 | AI score 8 | EPSS 0.00488
Exploits: 0 | References: 6
Positive Technologies, added 2025/12/23 12:00 a.m.

PT-2025-52770

Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26. Description: The Linksys E5600 router firmware version 1.1.0.26 contains a command injection issue in the runtime.macClone function. The issue is triggered via the mc.ip parameter. Recommendations: Update to a newe...

CVSS 9.8 | AI score 7.4 | EPSS 0.01134
Exploits: 0 | References: 7
Positive Technologies, added 2025/12/23 12:00 a.m.

PT-2025-52744

Name of the Vulnerable Software and Affected Versions: Product Delivery Date for WooCommerce – Lite versions through 2.7.0. Description: A security issue exists in Tyche Softwares' Product Delivery Date for WooCommerce – Lite. The description does not provide specific details about the nature of the...

CVSS 5.3 | AI score 6.2 | EPSS 0.0025
Exploits: 0 | References: 3
OSV, added 2025/11/20 9:28 p.m.

GHSA-7MV8-J34Q-VP7Q @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the...

CVSS 8.7 | AI score 7.3 | EPSS 0.00394
Exploits: 0 | References: 3
Positive Technologies, added 2025/11/11 12:00 a.m.

PT-2025-46290

Name of the Vulnerable Software and Affected Versions: GitHub Gist Shortcode Plugin for WordPress versions through 0.2. Description: The GitHub Gist Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter of the 'gist' shortcode. Insufficient input...

CVSS 6.4 | AI score 5.3 | EPSS 0.00193
Exploits: 0 | References: 5
Positive Technologies, added 2025/11/07 12:00 a.m.

PT-2025-45509

Name of the Vulnerable Software and Affected Versions: CrushFTP version 11.3.7 50. Description: A stored cross-site scripting (XSS) issue exists in the CrushFTP Admin Panel, specifically within the Reports / 'Who Created Folder' section. Authenticated attackers who have folder creation permissions can...

CVSS 4.1 | AI score 5.7 | EPSS 0.00235
Exploits: 2 | References: 9
Positive Technologies, added 2025/11/05 12:00 a.m.

PT-2025-45143

Name of the Vulnerable Software and Affected Versions: Dell CloudLink versions prior to 8.1.1. Description: Dell CloudLink versions prior to 8.1.1 have a flaw that allows a user with elevated privileges to potentially escalate their privileges further or access the database, potentially leading to t...

CVSS 6.7 | AI score 6.6 | EPSS 0.00126
Exploits: 0 | References: 3
Positive Technologies, added 2025/10/29 12:00 a.m.

PT-2025-45348

Name of the Vulnerable Software and Affected Versions: containerd versions 0.1.0 through 1.7.28; containerd versions 2.0.0-beta.0 through 2.0.6; containerd versions 2.1.0-beta.0 through 2.1.4; containerd versions 2.2.0-beta.0 through 2.2.0-rc.1. Description: containerd is an open-source container runti...

CVSS 7.8 | AI score 5.8 | EPSS 0.00145
Exploits: 1 | References: 113
Positive Technologies, added 2025/10/22 12:00 a.m.

PT-2025-43150

Name of the Vulnerable Software and Affected Versions: designthemes Solar Energy versions through 3.5. Description: The software contains a flaw due to deserialization of untrusted data, which can lead to object injection. Recommendations: Versions prior to 3.5 should be updated...

CVSS 8.8 | AI score 6.7 | EPSS 0.00556
Exploits: 0 | References: 4
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-2877

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00349
Exploits: 0 | References: 1
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2023-55657

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.0053
Exploits: 0 | References: 2
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2024-0483

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.2 | EPSS 0.0056
Exploits: 0 | References: 7
EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-27271

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.3 | EPSS 0.00627
Exploits: 0 | References: 4