EUVD-2026-34095

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...

Improper Command Restriction

mcp-kubernetes-server is vulnerable to improper command restriction. The vulnerability is due to incomplete validation of chained commands in the implementation of --disable-write and --disable-delete, which allows an attacker to bypass restrictions and execute unauthorized write or delete...

EUVD-2025-29194

Malicious code in bioql PyPI...

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...

GHSA-HJM5-XGJ8-VWJ6 mcp-kubernetes-server has a Command Injection vulnerability

mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...

mcp-kubernetes-server has a Command Injection vulnerability

mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...

PT-2025-37488

Name of the Vulnerable Software and Affected Versions: feiskyer mcp-kubernetes-server versions through 0.1.11 Description: The software does not properly handle chained commands when using the --disable-write and --disable-delete options. Specifically, it allows commands containing chained...

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...

CVE-2025-59376

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...

CVE-2025-59376

The CVE-2025-59376 entry concerns feiskyer’s mcp-kubernetes-server (through v0.1.11). The issue is improper handling of chained commands in the --disable-write/--disable-delete logic: commands like kubectl version; kubectl delete pod may bypass restrictions because only the first token is checked...

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

PT-2023-21361 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delete file function. Recommendations: For bloofox version 0.5.2, consider disabling the delete...

PT-2023-17369 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability was found in the Image Handler component of the affected software, specifically in the /classes/Master.php file, where the path argument is...

PT-2009-3042 · Max · Max.Blog

Name of the Vulnerable Software and Affected Versions: Max.Blog version 1.0.6 Description: The issue concerns improper access restriction in the delete.php file, allowing remote attackers to delete arbitrary blog posts by making a direct request. Recommendations: For Max.Blog version 1.0.6,...