Lucene search
K

165 matches found

RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.4 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/29 4:30 a.m.6 views

EUVD-2026-16966

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References6
NVD
NVD
added 2026/03/29 2:16 a.m.8 views

CVE-2026-5023

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS0.00647EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/29 2:0 a.m.36 views

CVE-2026-5023 DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS0.00647EPSS
Exploits0References5
NVD
NVD
added 2026/03/28 7:16 p.m.5 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS0.00647EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/28 6:30 p.m.2 views

CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.7AI score0.00647EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/28 6:30 p.m.3 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.5 views

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

5.3CVSS5.6AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.1AI score0.00571EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.9 views

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

8.5CVSS6.3AI score
Exploits0References4
NVD
NVD
added 2026/03/23 10:16 p.m.3 views

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.10 views

CVE-2026-32907

OpenClaw is affected by CVE-2026-32907 in versions prior to 2026.2.19. A local command-injection flaw exists in Windows scheduled task script generation, allowing an attacker who can influence service script generation values to inject unescaped cmd metacharacters into gateway.cmd arguments and a...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27239

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

7.8CVSS6.3AI score
Exploits0References5
NVD
NVD
added 2026/03/20 7:16 p.m.4 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3CVSS0.00697EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/20 6:32 p.m.4 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3CVSS5.5AI score0.00697EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/20 6:32 p.m.1 views

CVE-2026-4496 sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3CVSS5.5AI score0.00697EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.4 views

Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.8CVSS6AI score0.00571EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.1CVSS6AI score0.00571EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 2:16 a.m.3 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2026/03/19 2:16 a.m.10 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS0.00571EPSS
Exploits0References3
Rows per page
Query Builder