CVE-2026-39850

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract$params, EXTROVERWRITE before the require statement that loads the view file. As a result, a...

CVE-2026-39850 Yii 2: Local file inclusion via view parameter name collision

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract$params, EXTROVERWRITE before the require statement that loads the view file. As a result, a...

PHP Remote File Inclusion

Overview yiisoft/yii2 is a Yii PHP Framework. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the View::renderPhpFile process. An attacker can access arbitrary files or potentially execute code by supplying a specially crafted file parameter in the $params array,...

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

@kimuson/claude-code-viewer (>=0.4.2 <=0.5.9), @netlify/agent-runner-cli (>=1.31.0 <=1.57.0) +15 more potentially affected by CVE-2026-25722 via @anthropic-ai/claude-code (>=2.0.0 <=2.0.55)

@anthropic-ai/claude-code NPM version =2.0.0, =0.4.2, =1.31.0, =0.0.1-rc.1, =0.12.0, =0.5.2, =0.12.1, =1.1.43, =0.0.0, =0.1.2, =0.11.1, =0.11.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-25722 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-15248352...

EUVD-2026-5637

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...

CVE-2026-25723

Claude Code prior to 2.0.55 allowed command validation bypass by piping sed via echo, enabling writes to the .claude directory and paths outside the project when the attacker could run commands with the "accept edits" feature enabled. The issue has been patched in 2.0.55. Affected software: Claud...

Apache Httpd < 2.0.55 : Worker MPM memory leak

A memory leak in the worker MPM would allow remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as sucessful...

PT-2005-3030 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54 Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...