700 matches found
MAL-2025-23742 Malicious code in jest-miranda-child-process-deneb (npm)
The package jest-miranda-child-process-deneb was found to contain malicious code...
CVE-2025-52385
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...
CVE-2025-52385
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...
CVE-2025-52385
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...
Studio 3T 安全漏洞
Studio 3T is a native cross-platform MongoDB management tool open-sourced by Studio 3T. A security vulnerability exists in Studio 3T 2025.1.0 and earlier versions, which stems from improper handling of a specially crafted payload by the childprocess module and could lead to arbitrary code executi...
PT-2025-33035 · Studio 3T · Studio 3T
Name of the Vulnerable Software and Affected Versions: Studio 3T versions prior to 2025.1.1 Description: An issue allows a remote attacker to execute arbitrary code via a crafted payload to the child process module. Recommendations: Update to version 2025.1.1 or later...
CVE-2025-52385
CVE-2025-52385 affects Studio 3T up to 2025.1.0, with a remote code execution vulnerability via a crafted payload to the child_process module in IntelliShell. The issue arises from improper handling allowing an attacker to run arbitrary code; CVSSv3.1 is reported as 9.8 (CRITICAL) with network at...
CVE-2025-52385
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the childprocess module...
MAL-2025-6829 Malicious code in tensorflowjs (npm)
Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...
Linux Distros Unpatched Vulnerability : CVE-2023-23597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given ...
GitHub Kanban MCP Server vulnerable to Command Injection
The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the tool addcomment which...
CVE-2025-53818 github-kanban-mcp-server Command Injection vulnerability
GitHub Kanban MCP Server is a Model Context Protocol MCP server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...
Command Injection
node-code-sandbox-mcp is vulnerable to command injection. The vulnerability is due to the unsanitized use of input parameters within a call to childprocess.execSync, which allows an attacker to inject arbitrary system commands and achieve remote code execution, bypassing sandbox protections...
GHSA-5W57-2CCQ-8W95 Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
Summary A command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...
CVE-2023-23597
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...
CVE-2025-2857 Incorrect handle could lead to sandbox escapes
Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...
CVE-2025-2857 Incorrect handle could lead to sandbox escapes
Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...
BIT-NODE-MIN-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
Exploit for Improper Authentication in Microsoft
PoC exploit for CVE-2024-49039, a vulnerability in Windows Task...