2696 matches found
Exploit for Missing Authentication for Critical Function in Langflow
CVE-2025-3248: Langflow Unauthenticated RCE Vulnerability Scan...
Lite XL 安全漏洞
Lite XL is a lightweight text editor from lite-xl open source. A security vulnerability exists in Lite XL 2.1.8 and earlier versions, which stems from a failure to clean up shell command constructs in the system.exec function, which could lead to the execution of arbitrary commands...
CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...
CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...
CVE-2025-63603
MCP Data Science Server 0.1.6 (reading-plus-ai/mcp-server-data-exploration) contains a command injection in safe_eval() (src/mcp_server_ds/server.py:108) where exec() runs user scripts without restricting builtins in globals. This allows execution of arbitrary Python code with full system privile...
HSEC-2025-0006 Private key leak via inherited file descriptor
Private key leak via inherited file descriptor The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...
SUSE CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
EUVD-2025-176280
Malicious code in spawn-exec-zenobia-ganymede npm...
Malicious code in aurora-exec-nebula-titan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 727d149233b8486494ce40ab83a3e2e4ecf442479f183b3b96baae8f80f59da2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in izar-ora-exec-genomics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53d17c4563e99682e42e4eae296514441c01b6f64a6c19ecde3adc967d542d2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spawn-exec-zenobia-ganymede (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08d195fec77b588ee50726619249d1d77aacd06b4a03966370f3dee0c6edc02d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176166
Malicious code in subduction-exec-redis-gatsby npm...
EUVD-2025-176155
Malicious code in subscription-carina-standard-exec npm...
EUVD-2025-177812
Malicious code in miranda-exec-meissa-terser npm...
EUVD-2025-177347
Malicious code in paleontology-mensa-altair-exec npm...