TreRB

3 exploits Active since Jun 2025
CVE-2025-32711 NOMISEC CRITICAL WORKING POC
Microsoft 365 Copilot - Command Injection
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS 9.3
CVE-2025-59536 NOMISEC HIGH SCANNER
Anthropic Claude Code < 1.0.111 - Code Injection
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
CVSS 8.8
CVE-2026-21852 NOMISEC HIGH SCANNER
Anthropic Claude Code < 2.0.65 - Insufficiently Protected Credentials
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.
CVSS 7.5