Ralph

3 exploits Active since Oct 2019
CVE-2025-54795 NOMISEC CRITICAL WORKING POC
Anthropic Claude Code < 1.0.20 - OS Command Injection
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
CVSS 9.8
CVE-2019-16866 WRITEUP HIGH WRITEUP
Unbound <1.9.4 - Memory Corruption
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVSS 7.5
CVE-2019-18934 WRITEUP HIGH WRITEUP
Unbound <1.9.4 - RCE
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVSS 7.3