227 matches found
EUVD-2023-25428
Malicious code in bioql PyPI...
GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...
PT-2025-25236 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.51.0 Description: The issue allows an attacker to trigger an arbitrary HTTP GET request without user confirmation by writing a JSON file. This could potentially be used to exfiltrate data if a malicious agent gains...
CVE-2024-23330
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2023-41057
hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...
CVE-2022-48314
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2022-30722
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account...
CVE-2021-25428
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances...
CVE-2021-38148
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...
Astra Linux - уязвимость в firefox, thunderbird
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS 136...
CVE-2025-43014
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...
UBUNTU-CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
PT-2025-17401 · Kitty +1 · Kitty +1
Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0 Description: The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document,...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...
CVE-2025-43014
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...
CVE-2025-43014
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...