CVE-2026-21439
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
GHSA-WJPC-4F29-83H3 badkeys vulnerable to ASCII control character injection on console via malformed input
Impact: An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various...
Improper Neutralization
Overview: badkeys is a tool to check cryptographic keys for known weaknesses. Affected versions of this package are vulnerable to Improper Neutralization of ASCII control characters in the badkeys command-line tool. An attacker can manipulate console output to display misleading or deceptive information by...
CVE-2025-66479
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the...
CVE-2025-66479
Anthropic Sandbox Runtime (sandbox-runtime) had a flaw where the network sandbox was not properly enforced if no allowed domains were configured, potentially allowing outbound network access from sandboxed processes prior to v0.0.16. A patch is available in v0.0.16; upgrade to 0.0.16 or later for...
CVE-2025-66479 Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the...
Protection Mechanism Failure
Overview: @anthropic-ai/sandbox-runtime is the Anthropic Sandbox Runtime (ASRT), a general-purpose tool for wrapping security boundaries around arbitrary processes. Affected versions of this package are vulnerable to Protection Mechanism Failure due to improper enforcement of network sandboxing in th...
GHSA-9GQJ-5W7C-VX47 Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...
PT-2025-49149
Name of the Vulnerable Software and Affected Versions: Anthropic Sandbox Runtime versions prior to 0.0.16. Description: Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...
AK-Nord USB-Server-LXL Firmware Security Vulnerability
AK-Nord USB-Server-LXL Firmware is specialized firmware from the German company AK-Nord. A security vulnerability exists in AK-Nord USB-Server-LXL Firmware version v0.0.16 Build 2023-03-13. It originates from improperly set permissions on the /etc/init.d/lighttpd script, which could...
Kubernetes SIGs Secrets-store-csi-driver path traversal vulnerability
Kubernetes SIGs Secrets-store-csi-driver is a K8s component for storing confidential files based on CSI volumes from the Kubernetes SIGs organization. A security vulnerability exists in Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16, which can be exploited by an attacker to modi...