CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

NVD•added 2026/03/28 7:16 p.m.•0 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS0.00322EPSS

Exploits0References6

Vulnrichment•added 2026/03/28 6:30 p.m.•1 views

CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

5.3CVSS5.7AI score0.00322EPSS

Exploits0References6

ATTACKERKB•added 2026/03/28 6:30 p.m.•2 views

CVE-2026-5007

5.3CVSS5.5AI score0.00322EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2026/03/26 3:14 p.m.•2 views

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

5.3CVSS5.6AI score0.00322EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:7 p.m.•2 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.1AI score0.00053EPSS

Exploits0References1

EUVD•added 2026/03/24 12:30 a.m.•4 views

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

8.5CVSS6.3AI score

Exploits0References4

NVD•added 2026/03/23 10:16 p.m.•1 views

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits0

CVE•added 2026/03/23 9:36 p.m.•4 views

CVE-2026-32907

OpenClaw is affected by CVE-2026-32907 in versions prior to 2026.2.19. A local command-injection flaw exists in Windows scheduled task script generation, allowing an attacker who can influence service script generation values to inject unescaped cmd metacharacters into gateway.cmd arguments and a...

6.3AI score

Exploits0

Positive Technologies•added 2026/03/23 12:0 a.m.•2 views

PT-2026-27239

7.8CVSS6.3AI score

Exploits0References5

NVD•added 2026/03/20 7:16 p.m.•2 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3CVSS0.00322EPSS

Exploits0References7

Vulnrichment•added 2026/03/20 6:32 p.m.•0 views

CVE-2026-4496 sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection

5.3CVSS5.5AI score0.00322EPSS

Exploits0References7

ATTACKERKB•added 2026/03/20 6:32 p.m.•1 views

CVE-2026-4496

5.3CVSS5.5AI score0.00322EPSS

Exploits0References7

OSV•added 2026/03/19 3:30 a.m.•3 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.1CVSS6AI score0.00053EPSS

Exploits0References5