738 matches found
CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this...
CVE-2026-3959
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...
WireMCP 操作系统命令注入漏洞
WireMCP is a real-time network traffic analysis tool developed by Koda’s individual developers. WireMCP has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the server.tool function in the Tshark CLI Command Handler component,...
PT-2026-24859
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...
(Pwn2Own) Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of...
GHSA-XC68-RRQC-QGQ3 MCP NMAP Server has an Injection vulnerability
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
MCP NMAP Server has an Injection vulnerability
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview mcp-nmap-server is a MCP server for performing network scanning using NMAP Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the childprocess.exec function in the Nmap CLI Command...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
MCP NMAP Server 命令注入漏洞
MCP NMAP Server is a large model context server developed by Phiality’s individual developers. The MCP NMAP Server has a command injection vulnerability, which stems from the command childprocess.exec in the nmap CLI Command Handler component’s src/index.ts file...
PT-2026-22811
Name of the Vulnerable Software and Affected Versions PhialsBasement nmap-mcp-server versions up to bee6d23547d57ae02460022f7c78ac0893092e38 Description A command injection issue exists in the child process.exec function within the Nmap CLI Command Handler component, located in the src/index.ts...
MajorDoMo Remote Command Injection via cycle_execs Race Condition
This module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs database...
📄 MajorDoMo Remote Command Injection / Race Condition
This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMos remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the slash-command handler. An attacker can execute privileged commands by sending direct messages to the bot, bypassing intended allowlist or access-group...
EUVD-2019-4905
Malware in sbrugna...
EUVD-2011-1015
Malware in sbrugna...
EUVD-2019-11538
Malware in sbrugna...
EUVD-2021-21032
Malware in sbrugna...
EUVD-2020-6054
Malware in sbrugna...
EUVD-2015-5267
Malware in sbrugna...