Lucene search
K

315 matches found

Snyk
Snyk
added 2026/04/16 10:46 p.m.12 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...

8.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:46 p.m.10 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...

8.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.5 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A fix was pushed into the mast...

9.8CVSS7.8AI score0.02283EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 9:31 p.m.6 views

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Terminal.runcommand function. An attacker can execute arbitrary operating system commands by supplying crafted input to this function. Remediation A fix was push...

9.8CVSS7.8AI score0.02328EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 3:31 a.m.8 views

Arbitrary Command Injection

Overview taskflow-ai is a TaskFlow AI - 智能PRD文档解析与任务管理助手,支持多模型AI协同、MCP编辑器集成,专为开发团队设计的CLI工具 Affected versions of this package are vulnerable to Arbitrary Command Injection via the terminalexecute process in src/mcp/server/handlers.ts. An attacker can execute arbitrary operating system commands by...

6.5CVSS6.8AI score0.0111EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:10 p.m.7 views

Arbitrary Command Injection

Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...

7.5CVSS6.1AI score0.01651EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 12:30 a.m.2 views

Arbitrary Command Injection

Overview @elgentos/magento2-dev-mcp is a Magento 2 Development MCP Server for AI agents - provides cache management, module tools, and system diagnostics Affected versions of this package are vulnerable to Arbitrary Command Injection via the executeMagerun2Command function. An attacker can execut...

5.3CVSS6.3AI score0.00812EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 12:30 a.m.5 views

Arbitrary Command Injection

Overview @nor2/heim-mcp is a MCP to deploy applications Affected versions of this package are vulnerable to Arbitrary Command Injection in the registerTools function of the src/tools.ts file within the newheimapplication/deployheimapplication/deployheimapplicationtocloud component. An attacker ca...

5.3CVSS6.3AI score0.00812EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 6:18 a.m.7 views

Arbitrary Command Injection

Overview pymetasploit3 is an A full-fledged msfrpc library for Metasploit framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the console.runmodulewithoutput function. An attacker can execute arbitrary commands and manipulate sessions by injecting newlin...

9.8CVSS6AI score0.01923EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 9:29 a.m.5 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv function. An attacker can execute arbitrary commands by supplying a crafted model artifact containing malicious dependency specifications in the pythonenv.yaml file, which...

10CVSS7.5AI score0.01994EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/26 8:33 p.m.7 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...

8.8CVSS6.6AI score0.02502EPSS
Exploits2References3
Snyk
Snyk
added 2026/03/26 8:33 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...

8.8CVSS6.6AI score0.02502EPSS
Exploits2References3
Snyk
Snyk
added 2026/03/20 4:42 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the webbrowser.open function. An attacker can execute arbitrary browser command-line options by supplying a URL with leading dashes, potentially causing unintended browser behavior or security bypass...

7.1CVSS6.1AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 10:46 p.m.3 views

Arbitrary Command Injection

Overview kubectl-mcp-tool is an Alias package for kubectl-mcp-server use kubectl-mcp-server instead Affected versions of this package are vulnerable to Arbitrary Command Injection via the runkubectlcommand function in the minimalwrapper.py component. An attacker can execute arbitrary system...

9.8CVSS6.1AI score0.02057EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 12:25 a.m.4 views

Arbitrary Command Injection

Overview @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Command Injection in the handling of user-supplied parameters in multiple Git-related API endpoints, including file, branch, message, and commit, which are...

9.1CVSS6.1AI score0.00437EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/03 8:44 p.m.3 views

CVE-2025-13688 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...

6.3CVSS6.2AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 2:23 a.m.95 views

CVE-2026-26331

yt-dlp suffers an arbitrary command injection when using --netrc-cmd (or netrc_cmd) with a malicious URL. Affected versions are from 2023.06.21 up to, but not including, 2026.02.21; the fix in 2026.02.21 validates all netrc machine values and raises on unexpected input. The vulnerability can be e...

8.8CVSS5.6AI score0.01596EPSS
Exploits2References3Affected Software1
Snyk
Snyk
added 2026/02/18 10:42 p.m.3 views

Arbitrary Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...

8.6CVSS5.7AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/12 10:27 p.m.6 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

9.9CVSS6AI score0.0327EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/12 10:27 p.m.6 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

9.9CVSS6AI score0.0327EPSS
Exploits1References2
Rows per page
Query Builder