Lucene search
2659 matches found

OpenVAS, added 2025/12/04 12:00 a.m., 1 view

Apache HTTP Server < 2.4.66 SSI Vulnerability - Linux

Apache HTTP Server is prone to a Server Side Includes (SSI) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 8.3, AI score 6.8, EPSS 0.00018; Exploits 0, References 2
NVD, added 2025/12/03 9:15 p.m., 2 views

CVE-2025-66404

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVSS 8.8, EPSS 0.00321; Exploits 1, References 2
Snyk, added 2025/12/03 8:44 p.m., 2 views

Arbitrary Command Injection

Overview: mcp-server-kubernetes is an MCP server for interacting with Kubernetes clusters via kubectl. Affected versions of this package are vulnerable to Arbitrary Command Injection via the exec_in_pod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input...

CVSS 8.8, AI score 7.7, EPSS 0.00321; Exploits 1, References 2
OSV, added 2025/12/03 8:44 p.m., 1 view

GHSA-WVXP-JP4W-W8WG mcp-server-kubernetes has potential security issue in exec_in_pod tool

Summary: A security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell...

CVSS 6.4, AI score 8, EPSS 0.00321; Exploits 1, References 5
Github Security Blog, added 2025/12/03 8:44 p.m., 9 views

mcp-server-kubernetes has potential security issue in exec_in_pod tool

Summary: A security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell...

CVSS 8.8, AI score 8.1, EPSS 0.00321; Exploits 1, References 5, Affected Software 1
EUVD, added 2025/12/03 8:40 p.m., 2 views

EUVD-2025-201109

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVSS 6.4, AI score 6.9, EPSS 0.00321; Exploits 1, References 4
CVE, added 2025/12/03 8:40 p.m., 6 views

CVE-2025-66404

The CVE-2025-66404 entry concerns mcp-server-kubernetes. The exec_in_pod tool accepts a string command and passes it to a shell (sh -c) without input validation, enabling shell metacharacters to be interpreted. This creates potential for direct command injection or indirect prompt injection, allo...

CVSS 8.8, AI score 7.1, EPSS 0.00321; Exploits 1, References 2, Affected Software 1
Vulnrichment, added 2025/12/03 8:40 p.m., 1 view

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVSS 6.4, AI score 7.1, EPSS 0.00321; Exploits 1, References 2
Cvelist, added 2025/12/03 8:40 p.m., 14 views

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVSS 6.4, EPSS 0.00321; Exploits 1, References 2
RedHat Linux, added 2025/12/03 2:58 p.m., 3 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings ("", ".", and "..") to LookPath can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00044; Exploits 1, References 8
Tenable Nessus, added 2025/12/03 12:00 a.m., 3 views

RockyLinux 9 : go-rpm-macros (RLSA-2025:22005)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22005 advisory: os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906). Tenable has extracted the preceding description block directly from the RockyLinux...

CVSS 6.5, AI score 6.8, EPSS 0.00044; Exploits 1, References 3
Snyk, added 2025/12/02 6:36 a.m., 1 view

Command Injection

Overview: mcp-docker is a Model Context Protocol server for Docker management with AI assistants. Affected versions of this package are vulnerable to Command Injection due to insufficient validation of list-format commands in the dockerexeccommand tool. The dockerexeccommand tool accepts a...

CVSS 9.8, AI score 7.3; Exploits 0, References 3
NVD, added 2025/11/29 2:15 a.m., 2 views

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API (exec), to which it concatenates user...

CVSS 9.8, EPSS 0.003; Exploits 1, References 2
Vulnrichment, added 2025/11/29 1:34 a.m., 3 views

CVE-2025-66219 willitmerge has a command Injection vulnerability

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API (exec), to which it concatenates user...

CVSS 6.9, AI score 6.9, EPSS 0.003; Exploits 1, References 2
EUVD, added 2025/11/29 1:34 a.m., 1 view

EUVD-2025-199887

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API (exec), to which it concatenates user...

CVSS 6.9, AI score 6.8, EPSS 0.003; Exploits 1, References 2
CVE, added 2025/11/29 1:34 a.m., 7 views

CVE-2025-66219

CVE-2025-66219 affects the willitmerge CLI, specifically versions 0.2.1 and earlier. The root cause is the use of an insecure child-process execution API (exec) that concatenates user-provided input (from command-line flags or repository-controlled data) into shell commands, enabling command inje...

CVSS 9.8, AI score 6.9, EPSS 0.003; Exploits 1, References 2, Affected Software 1
Positive Technologies, added 2025/11/29 12:00 a.m., 4 views

PT-2025-48356

Name of the Vulnerable Software and Affected Versions: willitmerge versions 0.2.1 and prior. Description: willitmerge is a command line tool used to check if pull requests are mergeable. A command injection issue exists because the software uses an insecure child process execution API (exec) and...

CVSS 9.8, AI score 7.3, EPSS 0.003; Exploits 1, References 7
Rockylinux, added 2025/11/28 9:14 a.m., 4 views

go-rpm-macros security update

An update is available for go-rpm-macros. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package provides build-stage rpm automation to simplify the creati...

CVSS 6.5, AI score 6.9, EPSS 0.00044; Exploits 1
RedHat Linux, added 2025/11/26 3:05 p.m., 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec Go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings ("", ".", and "..") to LookPath can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5, AI score 5.7, EPSS 0.00044; Exploits 1, References 8
RedHat Linux, added 2025/11/26 3:05 p.m., 3 views

Moderate: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.5, AI score 6.7, EPSS 0.00044; Exploits 1, References 3