Aggregator

CVE-2025-59829 | Anthropic claude-code up to 1.0.119 symlink (GHSA-66m2-gx93-v996)

3 months 1 week ago

A vulnerability categorized as critical has been discovered in Anthropic claude-code up to 1.0.119. The affected element is an unknown function. Executing a manipulation can lead to symlink following. This vulnerability is tracked as CVE-2025-59829. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-59828 | Anthropic claude-code up to 1.0.38 Yarn inclusion of functionality from untrusted control sphere (GHSA-2jjv-qf24-vfm4 / EUVD-2025-31043)

Vuldb Updates

3 months 1 week ago

A vulnerability, which was classified as critical, was found in Anthropic claude-code up to 1.0.38. This impacts an unknown function of the component Yarn. Such manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is documented as CVE-2025-59828. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

vuldb.com

CVE-2025-59536 | Anthropic claude-code up to 1.0.110 code injection (GHSA-4fgq-fpq9-mr3g / EUVD-2025-32229)

Vuldb Updates

3 months 1 week ago

A vulnerability classified as critical was found in Anthropic claude-code up to 1.0.110. Affected is an unknown function. The manipulation results in code injection. This vulnerability is identified as CVE-2025-59536. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-58764 | Anthropic claude-code up to 1.0.104 code injection (GHSA-qxfv-fcpc-w36x)

Vuldb Updates

3 months 1 week ago

A vulnerability was found in Anthropic claude-code up to 1.0.104. It has been declared as critical. This affects an unknown function. Executing a manipulation can lead to code injection. This vulnerability appears as CVE-2025-58764. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-59041 | Anthropic claude-code up to 1.0.104 code injection (GHSA-j4h9-wv2m-wrf7)

Vuldb Updates

3 months 1 week ago

A vulnerability has been found in Anthropic claude-code up to 1.0.104 and classified as critical. Impacted is an unknown function. This manipulation causes code injection. This vulnerability is registered as CVE-2025-59041. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

vuldb.com

CVE-2025-55284 | Anthropic claude-code up to 1.0.3 os command injection (GHSA-x5gv-jw7f-j6xj)

Vuldb Updates

3 months 1 week ago

A vulnerability categorized as critical has been discovered in Anthropic claude-code up to 1.0.3. Affected by this vulnerability is an unknown functionality. Such manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-55284. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-54795 | Anthropic claude-code up to 1.0.19 os command injection (GHSA-x56v-x2h6-7j34)

Vuldb Updates

3 months 1 week ago

A vulnerability marked as critical has been reported in Anthropic claude-code up to 1.0.19. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-54795. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-54794 | Anthropic claude-code up to 0.2.110 path traversal (GHSA-pmw4-pwvc-3hx2)

Vuldb Updates

3 months 1 week ago

A vulnerability categorized as critical has been discovered in Anthropic claude-code up to 0.2.110. Affected is an unknown function. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2025-54794. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-52882 | Anthropic claude-code up to 1.0.23 missing origin validation in websockets (GHSA-9f65-56v6-gxw7 / EUVD-2025-19068)

Vuldb Updates

3 months 1 week ago

A vulnerability identified as critical has been detected in Anthropic claude-code up to 1.0.23. This affects an unknown function. The manipulation leads to missing origin validation in websockets. This vulnerability is referenced as CVE-2025-52882. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

vuldb.com

新春杯CTF Pwn题目全解析与Exploit实战指南

先知技术社区

3 months 1 week ago

根据源码了解pwn的常见的框架的编写

小行星龙宫含有所有五种核碱基

Solidot

3 months 1 week ago

日本研究团队在《Nature Astronomy》期刊上报告，探测器隼鸟 2 号从小行星龙宫采集的沙粒样本中含有地球生命所需的五种核碱基，再次为小行星陨石将生命所需成分带到地球的假说提供了佐证。隼鸟 2 号探测器于 2018 年造访了小行星龙宫，向其表面发射了两枚金属弹丸——一枚较小，一枚较大——收集了撞击产生的碎片。隼鸟 2 号于 2020 年携带样本返回地球，此后研究人员一直在对其进行分析。日本北海道大学的 Yasuhiro Oba 和同事分析了两个样本，一个来自小行星表面，另一个由弹丸撞击出的地下物质组成。在两个样本中，研究团队都发现了全部五种主要核碱基，核碱基与糖和磷酸结合构成了核酸 DNA 和 RNA。

To Beat Alert Overload, Stop Wasting Time on False Positives

Cyber Security News

3 months 1 week ago

At first glance, false positives in cybersecurity seem almost comforting. An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on. In theory, this looks like a healthy process. Better safe than sorry, right? But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]

The post To Beat Alert Overload, Stop Wasting Time on False Positives appeared first on Cyber Security News.

Balaji N

CVE-2025-13406 | Softing Industrial Automation smartLink SW-HT up to 1.43.0 Webserver null pointer dereference (EUVD-2025-208781)

VulDB Recent Entries

3 months 1 week ago

A vulnerability classified as problematic was found in Softing Industrial Automation smartLink SW-HT up to 1.43.0. Affected is an unknown function of the component Webserver Module. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-13406. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

vuldb.com

CVE-2026-3564 | ConnectWise ScreenConnect signature verification (EUVD-2026-12574)

VulDB Recent Entries

3 months 1 week ago

A vulnerability classified as critical has been found in ConnectWise ScreenConnect. This impacts an unknown function. The manipulation leads to improper verification of cryptographic signature. This vulnerability is documented as CVE-2026-3564. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2026-3888 | Canonical Ubuntu Linux up to 2.75.0 snapd /tmp privilege chaining (EUVD-2026-12570)

VulDB Recent Entries

3 months 1 week ago

A vulnerability described as critical has been identified in Canonical Ubuntu Linux up to 2.75.0. This affects an unknown function of the file /tmp of the component snapd. Executing a manipulation can lead to privilege chaining. This vulnerability is registered as CVE-2026-3888. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2026-4324 | Red Hat Satellite 6 on Red Katello Plugin /api/hosts/bootc_images sort_by sql injection (EUVD-2026-12572)

VulDB Recent Entries

3 months 1 week ago

A vulnerability marked as critical has been reported in Red Hat Satellite 6 on Red. The impacted element is an unknown function of the file /api/hosts/bootc_images of the component Katello Plugin. Performing a manipulation of the argument sort_by results in sql injection. This vulnerability is cataloged as CVE-2026-4324. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com