420 matches found

Vulnrichment
added 2025/09/25 1:41 p.m. | 2 views

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

9.8 CVSS | 7.1 AI score | 0.02289 EPSS
Exploits 1 | References 3

OSV
added 2025/09/25 1:41 p.m. | 6 views

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

9.8 CVSS | 7.3 AI score | 0.02289 EPSS
Exploits 1 | References 5

Packet Storm News
added 2025/09/25 12:0 a.m. | 3 views

Automatic Red Teaming LLM-Based Agents with Model Context Protocol Tools

The remarkable capability of large language models (LLMs) has led to the wide application of LLM-based agents in various domains. To standardize interactions between LLM-based agents and their environments, model context protocol (MCP) tools have become the de facto standard and are now widely...

6.9 AI score
Exploits 0

CNNVD
added 2025/09/25 12:0 a.m. | 3 views

ADB MCP Server Security Vulnerability

ADB MCP Server is a Model Context Protocol Server by Martin Arellano Personal Developer. A security vulnerability exists in ADB MCP Server version 0.1.0 and earlier, which stems from a command injection vulnerability in the MCP Server tool definition and implementation...

9.8 CVSS | 7.2 AI score | 0.02289 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/09/19 12:0 a.m. | 5 views

MCP Server Tools Detected

This is an informational notice that the scanner was able to detect the exposition of tools on the target Model Context Protocol (MCP) server. No source data...

6.9 AI score
Exploits 0 | References 2

Spring Security Advisories
added 2025/09/16 12:0 a.m. | 8 views

Connect Your AI to Everything: Spring AI's MCP Boot Starters

The Model Context Protocol (MCP) standardizes how AI applications interact with external tools and resources. Spring joined the MCP ecosystem early as a key contributor, helping to develop and maintain the official MCP Java SDK that serves as the foundation for Java-based MCP implementations...

7.8 AI score
Exploits 0

OSV
added 2025/09/15 7:59 p.m. | 4 views

GHSA-3GCM-F6QX-FF7P Flowise has Remote Code Execution vulnerability

Description: Cause of the Vulnerability. The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...

10 CVSS | 8 AI score | 0.90183 EPSS
Exploits 21 | References 10

Securelist
added 2025/09/15 10:0 a.m. | 6 views

Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers

Introduction: In this article, we explore how the Model Context Protocol (MCP) — the new "plug-in bus" for AI assistants — can be weaponized as a supply chain foothold. We start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proof of concept:...

7.5 AI score
Exploits 0

CNNVD
added 2025/09/15 12:0 a.m. | 4 views

mcp-kubernetes-server Security Vulnerability

mcp-kubernetes-server is a Model Context Protocol server for Pengfei Ni Personal Developer. A security vulnerability exists in mcp-kubernetes-server version 0.1.11 and earlier, which stems from an unconsidered chained command that could lead to bypassing write and delete operation restrictions...

5.3 CVSS | 6.6 AI score | 0.00281 EPSS
Exploits 0 | References 3

Snyk
added 2025/09/08 9:41 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: @modelcontextprotocol/inspector-client is a client-side application for the Model Context Protocol inspector. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the redirect URI parameter when connecting to an untrusted remote server. An attacker can execute...

8.8 CVSS | 5.7 AI score | 0.00627 EPSS
Exploits 0 | References 2

CNNVD
added 2025/09/08 12:0 a.m. | 3 views

aws-mcp-server Operating System Command Injection Vulnerability

aws-mcp-server is a lightweight service by Alexei Ledenev, a personal developer, that enables AI assistants to execute AWS CLI commands in a secure containerized environment via the Model Context Protocol (MCP). An operating system command injection vulnerability exists in versions prior to...

9.3 CVSS | 7.5 AI score | 0.01371 EPSS
Exploits 0 | References 4

Snyk
added 2025/09/04 1:42 a.m. | 5 views

Arbitrary Command Injection

Overview: mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

7.7 CVSS | 8 AI score | 0.0099 EPSS
Exploits 0 | References 2

CNNVD
added 2025/08/29 12:0 a.m. | 4 views

MCP SSH Agent Security Vulnerability

MCP SSH Agent is an open source Model Context Protocol server for managing and controlling SSH connections from Aionda GmbH. A security vulnerability exists in MCP SSH Agent version 1.0.3 and earlier, which stems from a command injection in the file server-simple.mjs...

6.5 CVSS | 6.7 AI score | 0.01349 EPSS
Exploits 0 | References 7

Microsoft Secure
added 2025/08/26 4:0 p.m. | 5 views

Securing and governing the rise of autonomous agents

In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most...

7.5 AI score
Exploits 0

Microsoft Secure
added 2025/08/26 4:0 p.m. | 8 views

Securing and governing the rise of autonomous agents

In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most...

7 AI score
Exploits 0

Snyk
added 2025/08/20 11:44 p.m. | 3 views

OS Command Injection

Overview: @wong2/mcp-cli is a CLI inspector for the Model Context Protocol. Affected versions of this package are vulnerable to OS Command Injection via the redirectToAuthorization function in src/oauth/provider.js. Attackers can set up an MCP server with compatible OAuth authorization server...

8.1 CVSS | 7.5 AI score | 0.05236 EPSS
Exploits 1 | References 2

Packet Storm News
added 2025/08/17 12:0 a.m. | 3 views

Systematic Analysis of MCP Security

The Model Context Protocol (MCP) has emerged as a universal standard that enables AI agents to seamlessly connect with external tools, significantly enhancing their functionality. However, while MCP brings notable benefits, it also introduces significant vulnerabilities, such as Tool Poisoning...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/08/17 12:0 a.m. | 3 views

MCPSecBench: a Systematic Security Benchmark and Playground for Testing Model Context Protocols

Large Language Models (LLMs) are increasingly integrated into real-world applications via the Model Context Protocol (MCP), a universal, open standard for connecting AI agents with data sources and external tools. While MCP enhances the capabilities of LLM-based agents, it also introduces new securit...

7 AI score
Exploits 0

RedhatCVE
added 2025/08/08 5:31 p.m. | 5 views

CVE-2025-8665

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os...

6.5 CVSS | 7.1 AI score | 0.02206 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/08/08 12:0 a.m. | 11 views

The vulnerability of the implementation of the Model Context Protocol (MCP) for the code editor based on artificial intelligence, Cursor, allows a hacker to execute arbitrary code.

The vulnerability of the Model Context Protocol (MCP) implementation of the artificial intelligence-based code editor involves the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.5 CVSS | 6.4 AI score | 0.01719 EPSS
Exploits 0 | References 7 | Affected Software 1