702 matches found
EUVD-2026-6119
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
CVE-2026-2544
CVE-2026-2544 affects yued-fe LuLu UI up to version 3.0.0. The vulnerability lies in the run.js file’s use of child_process.exec, enabling os command injection via remote attack. Multiple sources confirm the issue and remote exploitability, with vendor contact noted but no response. CVSS scores i...
CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...
LuLu UI 操作系统命令注入漏洞
LuLu UI is a native UI component library developed by yued-fe. Versions of LuLu UI 3.0.0 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the childprocess.exec function in the run.js file, which allowed for command injection via os...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
sf-mcp-server 操作系统命令注入漏洞
sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using childprocess.exec to handle user input, which may lead to command injection attacks...
VulnCheck KEV: CVE-2025-2857
Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001790 advisory. The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users...
RCE-Exploit-Tools
RCE Exploit Research Tools Project Overview This repository cont...
CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...
Serverless Framework 命令注入漏洞
Serverless Framework is a cloud service hosting tool from Serverless open source. A command injection vulnerability exists in Serverless Framework versions 4.29.0 through prior to 4.29.3, which stems from improper cleanup of input parameters to childprocess.exec, which could lead to remote code...
CVE-2023-53940
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
CVE-2023-53940
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
CVE-2023-53940
CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...