CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

Command Injection

Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to Command Injection via the CommandManager class. An attacker can execute arbitrary operating system commands by embedding them command supplied...

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

PT-2025-41300

Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A flaw exists within the software that allows for operating system command injection. This occurs due to improper handling of commands within the extractBaseCommand function...

Desktop Commander MCP 操作系统命令注入漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. An operating system command injection vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from improper manipulation of the function CommandManager in the file src/command-manager.ts...

EUVD-2024-15937

Malicious code in bioql PyPI...

CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2024-0139

NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service...

CVE-2024-0139

NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service...

CVE-2024-0139

NVIDIA Base Command Manager and Bright Cluster Manager for Linux are affected by an insecure temporary file handling vulnerability. The issue impacts the CMdaemon component and may allow a local attacker to cause a denial of service (per CVSS: Local vector, High availability impact). Affected pro...

CVE-2024-0139

NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service...

NVIDIA Base Command Manager和NVIDIA Bright Cluster Manager 安全漏洞

NVIDIA Base Command Manager and NVIDIA Bright Cluster Manager are both products of NVIDIA Corporation.NVIDIA Base Command Manager is a base command manager.NVIDIA Bright Cluster Manager is a cluster manager. NVIDIA Bright Cluster Manager is a cluster manager. NVIDIA Bright Cluster Manager is a...

The vulnerability of the CMDaemon component of the NVIDIA Base Command Manager software, which is used for managing workloads and monitoring infrastructure. This vulnerability allows a malicious actor to execute arbitrary code.

The vulnerability of the CMDaemon component of the NVIDIA Base Command Manager software for managing workload and monitoring infrastructure involves the absence of authentication procedures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

NVIDIA Base Command Manager 安全漏洞

NVIDIA Base Command Manager is a base command manager from NVIDIA Corporation. A security vulnerability exists in NVIDIA Base Command Manager that stems from a lack of authentication, successful exploitation of which could lead to code execution, denial of service, privilege escalation, informati...

CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2024-0138

NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

CVE-2024-0138

CVE-2024-0138 affects NVIDIA Base Command Manager, specifically the CMDaemon, with a missing authentication vulnerability. Exact impacts listed include code execution, denial of service, privilege escalation, information disclosure, and data tampering. The NVIDIA bulletin states affected versions...