850 matches found
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
@iflow-mcp/theycallmeholla-schema-org-mcp (=0.1.0), @wonderwhy-er/desktop-commander (>=0.2.29-alpha.3 <=0.2.29-alpha.4) +2 more potentially affected by CVE-2025-11491 via @wonderwhy-er/desktop-commander (>=0.1.39 <=0.2.41)
@wonderwhy-er/desktop-commander NPM version =0.1.39, =0.2.29-alpha.3, =1.0.0, =1.0.1 - familiar-mcp =0.1.0 Source cves: CVE-2025-11491 Source advisory: SNYK:JS-WONDERWHYERDESKTOPCOMMANDER-13535096...
@iflow-mcp/theycallmeholla-schema-org-mcp (=0.1.0), @wonderwhy-er/desktop-commander (>=0.2.29-alpha.3 <=0.2.29-alpha.4) +2 more potentially affected by CVE-2025-11490 via @wonderwhy-er/desktop-commander (>=0.1.39 <=0.2.41)
@wonderwhy-er/desktop-commander NPM version =0.1.39, =0.2.29-alpha.3, =1.0.0, =1.0.1 - familiar-mcp =0.1.0 Source cves: CVE-2025-11490 Source advisory: SNYK:JS-WONDERWHYERDESKTOPCOMMANDER-13535095...
Command Injection
Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to Command Injection via the extractBaseCommand function. An attacker can execute arbitrary operating system commands by supplying crafted input that ...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
@iflow-mcp/theycallmeholla-schema-org-mcp (=0.1.0), @wonderwhy-er/desktop-commander (>=0.2.29-alpha.3 <=0.2.29-alpha.4) +2 more potentially affected by CVE-2025-11489 via @wonderwhy-er/desktop-commander (>=0.1.39 <=0.2.41)
@wonderwhy-er/desktop-commander NPM version =0.1.39, =0.2.29-alpha.3, =1.0.0, =1.0.1 - familiar-mcp =0.1.0 Source cves: CVE-2025-11489 Source advisory: SNYK:JS-WONDERWHYERDESKTOPCOMMANDER-13535094...
UNIX Symbolic Link (Symlink) Following
Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the isPathAllowed function. An attacker can create a symlink inside an allowed directory that points to a...
EUVD-2025-33288
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11489
CVE-2025-11489 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The issue resides in isPathAllowed (src/tools/filesystem.ts) and enables symbolic link following, with local access required and high attack complexity. Publicly disclosed exploitability is noted; vendor guidance recommends usi...
CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
Desktop Commander MCP 安全漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...
Desktop Commander MCP 安全漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from the operation of the function isPathAllowed in the file src/tools/filesystem.ts that may result in symbolic link...
Desktop Commander MCP 操作系统命令注入漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. An operating system command injection vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from improper manipulation of the function CommandManager in the file src/command-manager.ts...
EUVD-2005-4061
Malware in sbrugna...
EUVD-2005-0764
Malware in sbrugna...
EUVD-2021-22990
Malware in sbrugna...
EUVD-2004-1002
Malware in sbrugna...
EUVD-2007-0581
Malware in sbrugna...
EUVD-1999-1318
Malware in sbrugna...
EUVD-2004-1003
Malware in sbrugna...