Lucene search
+L

227 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-25428

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00074EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 6:6 p.m.6 views

GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning

When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...

8.7CVSS7.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.10 views

PT-2025-25236 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.51.0 Description: The issue allows an attacker to trigger an arbitrary HTTP GET request without user confirmation by writing a JSON file. This could potentially be used to exfiltrate data if a malicious agent gains...

5.9CVSS6.8AI score0.00321EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 8:44 a.m.7 views

CVE-2024-23330

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

5.3CVSS6.7AI score0.00474EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:35 a.m.7 views

CVE-2023-41057

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

5.5CVSS6.8AI score0.00336EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:29 a.m.7 views

CVE-2022-48314

The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality...

6.5CVSS6.9AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:50 p.m.8 views

CVE-2022-30722

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account...

9.8CVSS6.8AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.10 views

CVE-2021-25428

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.13 views

CVE-2021-38148

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...

9.8CVSS6.9AI score0.01225EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2025/05/19 2:38 p.m.4 views

Astra Linux - уязвимость в firefox, thunderbird

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS 136...

4.3CVSS6.3AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 1:21 a.m.22 views

CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...

6.5CVSS7AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/04/20 3:15 a.m.21 views

UBUNTU-CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS5.8AI score0.00178EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/04/20 12:0 a.m.56 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

4.1CVSS0.00178EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/04/20 12:0 a.m.9 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

4.1CVSS4.5AI score0.00178EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2025/04/20 12:0 a.m.19 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS4.9AI score0.00178EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/04/20 12:0 a.m.5 views

PT-2025-17401 · Kitty +1 · Kitty +1

Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0 Description: The issue concerns the open actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document,...

7.8CVSS4.4AI score0.00178EPSS
Exploits1References22
OSV
OSV
added 2025/04/20 12:0 a.m.29 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

4.1CVSS6.8AI score0.00178EPSS
Exploits1References7
CVE
CVE
added 2025/04/20 12:0 a.m.124 views

CVE-2025-43929

CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...

7.8CVSS7.1AI score0.00178EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/04/17 4:16 p.m.31 views

CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...

6.5CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:56 p.m.10 views

CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...

6.1CVSS6.3AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder