7.7

CVSS4.0

CVE-2026-24887 - Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted conte…

📅 Published: Feb. 3, 2026, 8:50 p.m. 🔄 Last Modified: April 18, 2026, 12:15 a.m.

7.7

CVSS4.0

CVE-2026-24053 - Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the u…

📅 Published: Feb. 3, 2026, 8:49 p.m. 🔄 Last Modified: April 18, 2026, 12:15 a.m.

7.1

CVSS4.0

CVE-2026-24052 - Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled D…

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotoco…

📅 Published: Feb. 3, 2026, 8:49 p.m. 🔄 Last Modified: April 18, 2026, 12:15 a.m.

8.8

CVSS4.0

CVE-2025-65077 - Relative path traversal vulnerability in Embedded Solutions Framework

A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

📅 Published: Feb. 3, 2026, 8:44 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-65081 - Out-of-bounds read vulnerability in Postscript interpreter

An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

📅 Published: Feb. 3, 2026, 8:39 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-65080 - Type confusion vulnerability in Postscript interpreter

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

📅 Published: Feb. 3, 2026, 8:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2026-1810 - bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal. …

📅 Published: Feb. 3, 2026, 8:32 p.m. 🔄 Last Modified: April 18, 2026, 12:15 a.m.

6.9

CVSS4.0

CVE-2025-65079 - Heap-based buffer overflow vulnerability in Postscript interpreter

A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

📅 Published: Feb. 3, 2026, 8:23 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.2

CVSS4.0

CVE-2026-1803 - Ziroom ZHOME A0101 Dropbear SSH Service default credentials

A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitability is …

📅 Published: Feb. 3, 2026, 8:02 p.m. 🔄 Last Modified: April 18, 2026, 2:15 p.m.

7.8

CVSS3.1

CVE-2026-24149 - Code Injection Vulnerability in NVIDIA Megatron-LM Leading to Code Execution

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

📅 Published: Feb. 3, 2026, 7:55 p.m. 🔄 Last Modified: April 18, 2026, 12:15 a.m.