yii2-mcp-server has a Command Injection Issue

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

MAL-2026-3226 Malicious code in timesmcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 85630b024b2eb06c5002dd3ac72fa8bf4733f08d34de10bf0eca0851bf2d9f86 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

CVE-2026-7600

ArtMin96 yii2-mcp-server 1.0.2 is affected. The vulnerability resides in the MCP Interface’s src/index.ts, specifically the yii_command_help/yii_execute_command functions, enabling remote os command injection. Attack requires no authentication and can be exploited remotely; an exploit has been pu...

PT-2026-36624

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. T...

PT-2026-36601

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description A flaw in the Firmware Update component allows remote OS command injection. The issue exists within the tools diagnostic function located in the /tmp/diagnostic file. This allows a remo...

PT-2026-36552

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii command help/yii execute command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been...

PT-2026-36615

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

PT-2026-36619

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has...

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-7593

CVE-2026-7593 affects Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. The vulnerability resides in the MCP Interface’s function execute_command (src/index.ts), enabling an attacker to perform OS command injection . Remote exploitation is possible, with public disclosures already availabl...

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7590

The CVE concerns eyal-gor p_69_branch_monkey_mcp (up to commit 69bc71874ce40050ef45fde5a435855f18af3373) with a vulnerability in the Preview Endpoint. The affected element is an unknown function in branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py; manipulating the dev_script argument...

CVE-2026-7590 eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7548

Totolink NR1800X firmware 9.1.0u.6279_B20210910 is affected. Vulnerable component: /cgi-bin/cstecgi.cgi, function sub_41A68C; manipulating the argument setUssd enables remote command injection. Exploit public. CVSS metrics indicate high impact and network-based access with low complexity. Impact ...

CVE-2026-7548 Totolink NR1800X cstecgi.cgi sub_41A68C command injection

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...