Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.19 views

Anthropic Claude Code 0.2.54 < 2.1.163 Data Exfiltration (CVE-2026-54316)

The version of Anthropic Claude Code installed on the remote host is 0.2.54 prior to 2.1.163. It is, therefore, affected by a data exfiltration vulnerability. - Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain including...

9.1CVSS6.1AI score0.00403EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/24 5:32 a.m.10 views

Out Of Band Data Exfiltration

Claude Code is vulnerable to Out-of-Band Data Exfiltration. The vulnerability is due to the pre-approval of the hostname huggingface.co as a bare hostname for the WebFetch tool, where any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:6 p.m.33 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 5:6 p.m.39 views

CVE-2026-54316

CVE-2026-54316 (Claude Code) affects Claude Code versions 0.2.54–2.1.162, fixed in 2.1.163. The WebFetch tool allowed any path on the pre-approved domain huggingface.co, enabling an attacker-controlled repository path to be fetched without prompts or --allowedTools restrictions. If an attacker ca...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/17 6:6 p.m.7 views

Covert Storage Channel

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

nanobot 代码问题漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from issues with server-side request forgeing in the webFetch tool. This could allow remote attackers to access...

5.3CVSS5.5AI score0.00287EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

Tencent WeKnora 代码问题漏洞

Tencent WeKnora is a LLM-based framework developed by Tencent China. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of Tencent WeKnora prior to 0.3.0 contained code vulnerabilities. These vulnerabilities were caused by a DNS...

7.5CVSS7.4AI score0.00355EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/03 8:49 p.m.7 views

EUVD-2026-5172

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

7.1CVSS5.4AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 8:49 p.m.29 views

CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

7.1CVSS0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 8:49 p.m.19 views

CVE-2026-24052

Summary: CVE-2026-24052 affects Claude Code prior to 1.0.111, where URL validation in the trusted-domain check for WebFetch used a startsWith() approach, allowing crafted domains (e.g., modelcontextprotocol.io.example.com) to bypass validation and potentially cause automatic requests to attacker‑...

7.4CVSS5.4AI score0.00338EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6486

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

7.4CVSS5.6AI score0.00338EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:46 p.m.5 views

CVE-2026-0616

TheLibrarians webfetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions...

7.5CVSS5.7AI score0.00342EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

The Librarian security vulnerability

The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from an internal port scanning vulnerability in the webFetch tool. This vulnerability may allow scanning of internal IP addresses and services...

7.5CVSS6AI score0.00373EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

The Librarian security vulnerability

The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve Supervisory Server status pages, potentially leading to the exposure of backend running processes...

7.3CVSS6AI score0.00249EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

The Librarian security vulnerability

The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from an information leakage issue in the webFetch tool. This vulnerability could potentially be exploited to make requests through the The...

7.5CVSS6AI score0.00342EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

The Librarian security vulnerability

The Librarian is a personal AI assistant software developed by The Librarian Company in Singapore. The Librarian has a security vulnerability, which stems from the webFetch tool’s ability to retrieve content from the Adminer interface, potentially allowing access to internal backend systems...

7.5CVSS6AI score0.00342EPSS
Exploits0References3
Rows per page
Query Builder