16 matches found
Exploit for Code Injection in Anthropic Claude_Code
CVE-2025-59536 - the startup trust dialog implementation. Clau...
Exploit for Code Injection in Anthropic Claude_Code
CVE-2025-59536 - the startup trust dialog implementation. Clau...
CVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
CVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
EUVD-2026-5172
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...
Claude Code Input Validation Error Vulnerability
Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 1.0.111 contained a vulnerability related to input validation errors. This vulnerability stemmed from the insufficient URL validation in the trusted domain verification mechanism of WebFetch...
PT-2026-6186
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.111. Description: Claude Code, an agentic coding tool, had a flaw in how it checked the trustworthiness of web addresses when making WebFetch requests. The application used a startsWith function to confirm trust...
EUVD-2025-32229
Malicious code in bioql PyPI...
CVE-2025-59536
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
CVE-2025-59536
Claude Code (Anthropic) versions before 1.0.111 are vulnerable to code injection due to a flaw in the startup trust dialog. An attacker could trick a user into starting Claude Code in an untrusted project directory, causing code from that project to execute before the user accepts the startup tru...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
PT-2025-40458
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.111. Description: Claude Code is an agentic coding tool. A bug in the startup trust dialog implementation allows for code injection, where the tool could be tricked into executing code contained within a project...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when PDFStreamForResponse is used with invalid data. PoC (js): hummus = require('muhammara'); writer = new hummus.PDFStreamForResponse(null); writer = hummus.createWriter(writer); writer.end() Details: Denial of Service (DoS)...