Aggregator

CVE-2025-65099 | Anthropic claude-code up to 1.0.38 Yarn code injection (GHSA-5hhx-v7f6-x7gv / EUVD-2025-198179)

Vuldb Updates
3 months 1 week ago
A vulnerability marked as critical has been reported in Anthropic claude-code up to 1.0.38. This impacts an unknown function of the component Yarn. This manipulation causes code injection. This vulnerability is handled as CVE-2025-65099. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-59828 | Anthropic claude-code up to 1.0.38 Yarn inclusion of functionality from untrusted control sphere (GHSA-2jjv-qf24-vfm4 / EUVD-2025-31043)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as critical, was found in Anthropic claude-code up to 1.0.38. This impacts an unknown function of the component Yarn. Such manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is documented as CVE-2025-59828. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-55284 | Anthropic claude-code up to 1.0.3 os command injection (GHSA-x5gv-jw7f-j6xj)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as critical has been discovered in Anthropic claude-code up to 1.0.3. Affected by this vulnerability is an unknown functionality. Such manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-55284. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-52882 | Anthropic claude-code up to 1.0.23 missing origin validation in websockets (GHSA-9f65-56v6-gxw7 / EUVD-2025-19068)

Vuldb Updates
3 months 1 week ago
A vulnerability identified as critical has been detected in Anthropic claude-code up to 1.0.23. This affects an unknown function. The manipulation leads to missing origin validation in websockets. This vulnerability is referenced as CVE-2025-52882. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

小行星龙宫含有所有五种核碱基

Solidot
3 months 1 week ago
日本研究团队在《Nature Astronomy》期刊上报告,探测器隼鸟 2 号从小行星龙宫采集的沙粒样本中含有地球生命所需的五种核碱基,再次为小行星陨石将生命所需成分带到地球的假说提供了佐证。隼鸟 2 号探测器于 2018 年造访了小行星龙宫,向其表面发射了两枚金属弹丸——一枚较小,一枚较大——收集了撞击产生的碎片。隼鸟 2 号于 2020 年携带样本返回地球,此后研究人员一直在对其进行分析。日本北海道大学的 Yasuhiro Oba 和同事分析了两个样本,一个来自小行星表面,另一个由弹丸撞击出的地下物质组成。在两个样本中,研究团队都发现了全部五种主要核碱基,核碱基与糖和磷酸结合构成了核酸 DNA 和 RNA。

To Beat Alert Overload, Stop Wasting Time on False Positives 

Cyber Security News
3 months 1 week ago

At first glance, false positives in cybersecurity seem almost comforting.  An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on.  In theory, this looks like a healthy process. Better safe than sorry, right?  But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]

The post To Beat Alert Overload, Stop Wasting Time on False Positives  appeared first on Cyber Security News.

Balaji N

CVE-2025-13406 | Softing Industrial Automation smartLink SW-HT up to 1.43.0 Webserver null pointer dereference (EUVD-2025-208781)

VulDB Recent Entries
3 months 1 week ago
A vulnerability classified as problematic was found in Softing Industrial Automation smartLink SW-HT up to 1.43.0. Affected is an unknown function of the component Webserver Module. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-13406. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2026-3888 | Canonical Ubuntu Linux up to 2.75.0 snapd /tmp privilege chaining (EUVD-2026-12570)

VulDB Recent Entries
3 months 1 week ago
A vulnerability described as critical has been identified in Canonical Ubuntu Linux up to 2.75.0. This affects an unknown function of the file /tmp of the component snapd. Executing a manipulation can lead to privilege chaining. This vulnerability is registered as CVE-2026-3888. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-4324 | Red Hat Satellite 6 on Red Katello Plugin /api/hosts/bootc_images sort_by sql injection (EUVD-2026-12572)

VulDB Recent Entries
3 months 1 week ago
A vulnerability marked as critical has been reported in Red Hat Satellite 6 on Red. The impacted element is an unknown function of the file /api/hosts/bootc_images of the component Katello Plugin. Performing a manipulation of the argument sort_by results in sql injection. This vulnerability is cataloged as CVE-2026-4324. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

APT73

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

Managed ad