315 matches found
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...
Arbitrary Command Injection
Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A fix was pushed into the mast...
Arbitrary Command Injection
Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Terminal.runcommand function. An attacker can execute arbitrary operating system commands by supplying crafted input to this function. Remediation A fix was push...
Arbitrary Command Injection
Overview taskflow-ai is a TaskFlow AI - 智能PRD文档解析与任务管理助手,支持多模型AI协同、MCP编辑器集成,专为开发团队设计的CLI工具 Affected versions of this package are vulnerable to Arbitrary Command Injection via the terminalexecute process in src/mcp/server/handlers.ts. An attacker can execute arbitrary operating system commands by...
Arbitrary Command Injection
Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...
Arbitrary Command Injection
Overview @elgentos/magento2-dev-mcp is a Magento 2 Development MCP Server for AI agents - provides cache management, module tools, and system diagnostics Affected versions of this package are vulnerable to Arbitrary Command Injection via the executeMagerun2Command function. An attacker can execut...
Arbitrary Command Injection
Overview @nor2/heim-mcp is a MCP to deploy applications Affected versions of this package are vulnerable to Arbitrary Command Injection in the registerTools function of the src/tools.ts file within the newheimapplication/deployheimapplication/deployheimapplicationtocloud component. An attacker ca...
Arbitrary Command Injection
Overview pymetasploit3 is an A full-fledged msfrpc library for Metasploit framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the console.runmodulewithoutput function. An attacker can execute arbitrary commands and manipulate sessions by injecting newlin...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv function. An attacker can execute arbitrary commands by supplying a crafted model artifact containing malicious dependency specifications in the pythonenv.yaml file, which...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the webbrowser.open function. An attacker can execute arbitrary browser command-line options by supplying a URL with leading dashes, potentially causing unintended browser behavior or security bypass...
Arbitrary Command Injection
Overview kubectl-mcp-tool is an Alias package for kubectl-mcp-server use kubectl-mcp-server instead Affected versions of this package are vulnerable to Arbitrary Command Injection via the runkubectlcommand function in the minimalwrapper.py component. An attacker can execute arbitrary system...
Arbitrary Command Injection
Overview @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Command Injection in the handling of user-supplied parameters in multiple Git-related API endpoints, including file, branch, message, and commit, which are...
CVE-2025-13688 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...
CVE-2026-26331
yt-dlp suffers an arbitrary command injection when using --netrc-cmd (or netrc_cmd) with a malicious URL. Affected versions are from 2023.06.21 up to, but not including, 2026.02.21; the fix in 2026.02.21 validates all netrc machine values and raises on unexpected input. The vulnerability can be e...
Arbitrary Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...