Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.13 views

EUVD-2026-34053

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 12:16 a.m.24 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS0.00354EPSS
Exploits0References9
OSV
OSV
added 2026/06/02 11:30 p.m.3 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References11
CVE
CVE
added 2026/06/02 11:30 p.m.23 views

CVE-2026-10691

CVE-2026-10691 affects wonderwhy-er DesktopCommanderMCP

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/02 11:30 p.m.49 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS0.00354EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:15 p.m.7 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/02 11:15 p.m.4 views

CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

5.3CVSS5.6AI score0.00209EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/02 11:15 p.m.51 views

CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS0.00209EPSS
Exploits0References7
CVE
CVE
added 2026/06/02 11:15 p.m.44 views

CVE-2026-10690

This CVE affects wonderwhy-er DesktopCommanderMCP 0.2.37. The vulnerability is in the readFileFromUrl function (src/tools/filesystem.ts, read_file component) where manipulating the url argument enables server-side request forgery. It can be triggered remotely and an exploit is publicly available....

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/08 7:2 p.m.6 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5CVSS6.7AI score0.04296EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/08 7:2 p.m.12 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5CVSS0.04296EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/08 7:2 p.m.5 views

EUVD-2025-33289

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5CVSS6.5AI score0.04296EPSS
Exploits1References6
CVE
CVE
added 2025/10/08 7:2 p.m.24 views

CVE-2025-11491

CVE-2025-11491 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in CommandManager (src/command-manager.ts) where manipulation enables operating system command injection. Attacks can be initiated remotely, and public exploits exist. Connected sources do not provide a con...

9.8CVSS6.7AI score0.04296EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/10/08 7:2 p.m.5 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

5.3CVSS6.2AI score0.04296EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/10/08 6:32 p.m.9 views

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

6.5CVSS6.3AI score0.03542EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/10/08 6:32 p.m.13 views

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

6.5CVSS0.03542EPSS
Exploits1References6
OSV
OSV
added 2025/10/08 6:32 p.m.3 views

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

5.3CVSS6AI score0.03542EPSS
Exploits1References8
CVE
CVE
added 2025/10/08 6:32 p.m.18 views

CVE-2025-11490

CVE-2025-11490 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in the function extractBaseCommand (src/command-manager.ts) of the Absolute Path Handler, enabling remote OS command injection. Public exploit details exist and multiple sources describe exploitation via cr...

9.8CVSS6.5AI score0.03542EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2025/10/08 6:15 p.m.5 views

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

7CVSS0.00228EPSS
Exploits1References6
Rows per page
Query Builder