Lucene search
K

700 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-23742 Malicious code in jest-miranda-child-process-deneb (npm)

The package jest-miranda-child-process-deneb was found to contain malicious code...

7.2AI score
Exploits0
NVD
NVD
added 2025/08/13 5:15 p.m.3 views

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...

9.8CVSS0.00981EPSS
Exploits0References5
OSV
OSV
added 2025/08/13 5:15 p.m.4 views

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...

9.8CVSS6.2AI score0.00981EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/13 12:0 a.m.3 views

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...

8.1AI score0.00981EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.1 views

Studio 3T 安全漏洞

Studio 3T is a native cross-platform MongoDB management tool open-sourced by Studio 3T. A security vulnerability exists in Studio 3T 2025.1.0 and earlier versions, which stems from improper handling of a specially crafted payload by the childprocess module and could lead to arbitrary code executi...

9.8CVSS7.4AI score0.00981EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.5 views

PT-2025-33035 · Studio 3T · Studio 3T

Name of the Vulnerable Software and Affected Versions: Studio 3T versions prior to 2025.1.1 Description: An issue allows a remote attacker to execute arbitrary code via a crafted payload to the child process module. Recommendations: Update to version 2025.1.1 or later...

9.8CVSS8.2AI score0.00981EPSS
Exploits0References9
CVE
CVE
added 2025/08/13 12:0 a.m.36 views

CVE-2025-52385

CVE-2025-52385 affects Studio 3T up to 2025.1.0, with a remote code execution vulnerability via a crafted payload to the child_process module in IntelliShell. The issue arises from improper handling allowing an attacker to run arbitrary code; CVSSv3.1 is reported as 9.8 (CRITICAL) with network at...

9.8CVSS8.1AI score0.00981EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/13 12:0 a.m.8 views

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...

0.00981EPSS
Exploits0References5
OSV
OSV
added 2025/08/12 5:9 p.m.2 views

MAL-2025-6829 Malicious code in tensorflowjs (npm)

Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...

7.6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given ...

6.5CVSS7.7AI score0.0034EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/07/15 5:6 p.m.22 views

GitHub Kanban MCP Server vulnerable to Command Injection

The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the tool addcomment which...

9.3CVSS7.7AI score0.01287EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/14 8:30 p.m.9 views

CVE-2025-53818 github-kanban-mcp-server Command Injection vulnerability

GitHub Kanban MCP Server is a Model Context Protocol MCP server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...

9.3CVSS7.2AI score0.01287EPSS
Exploits0References4
Veracode
Veracode
added 2025/07/09 4:36 a.m.6 views

Command Injection

node-code-sandbox-mcp is vulnerable to command injection. The vulnerability is due to the unsanitized use of input parameters within a call to childprocess.execSync, which allows an attacker to inject arbitrary system commands and achieve remote code execution, bypassing sandbox protections...

7.5CVSS7.5AI score0.01053EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/08 4:27 p.m.7 views

GHSA-5W57-2CCQ-8W95 Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection

Summary A command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...

7.5CVSS8AI score0.08088EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.2 views

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

6.5CVSS7.7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 1:27 p.m.34 views

CVE-2025-2857 Incorrect handle could lead to sandbox escapes

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

0.08404EPSS
Exploits6References4
Vulnrichment
Vulnrichment
added 2025/03/27 1:27 p.m.20 views

CVE-2025-2857 Incorrect handle could lead to sandbox escapes

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

7.3AI score0.01894EPSS
Exploits6References4
OSV
OSV
added 2025/01/10 7:16 p.m.15 views

BIT-NODE-MIN-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS7.2AI score0.01387EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/01/09 12:33 a.m.7 views

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS8.1AI score0.01387EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2024/11/19 8:57 a.m.1227 views

Exploit for Improper Authentication in Microsoft

PoC exploit for CVE-2024-49039, a vulnerability in Windows Task...

8.8CVSS9.1AI score0.13719EPSS
Exploits1
Rows per page
Query Builder