
19592 matches found

OSV
added 2025/10/08 7:15 p.m., 3 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8 CVSS, 7 AI score
Exploits: 0, References: 5

NVD
added 2025/10/08 7:15 p.m., 3 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8 CVSS, 0.04354 EPSS
Exploits: 1, References: 5

OSV
added 2025/10/08 7:15 p.m., 2 views

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 6

Cvelist
added 2025/10/08 7:2 p.m., 10 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5 CVSS, 0.04354 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/10/08 7:2 p.m., 4 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5 CVSS, 6.7 AI score, 0.04354 EPSS
Exploits: 1, References: 5

CVE
added 2025/10/08 7:2 p.m., 15 views

CVE-2025-11491

CVE-2025-11491 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in CommandManager (src/command-manager.ts) where manipulation enables operating system command injection. Attacks can be initiated remotely, and public exploits exist. Connected sources do not provide a con...

9.8 CVSS, 6.7 AI score, 0.04354 EPSS
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2025/10/08 6:32 p.m., 11 views

CVE-2025-11490

CVE-2025-11490 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in the function extractBaseCommand (src/command-manager.ts) of the Absolute Path Handler, enabling remote OS command injection. Public exploit details exist and multiple sources describe exploitation via cr...

9.8 CVSS, 6.5 AI score, 0.03591 EPSS
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2025/10/08 6:15 p.m., 5 views

CVE-2025-11488

A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerabilit...

7.5 CVSS, 0.01673 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/10/08 6:2 p.m., 2 views

CVE-2025-11488 D-Link DIR-852 HNAP1 command injection

A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerabilit...

7.5 CVSS, 7.3 AI score, 0.01673 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/08 6:2 p.m., 4 views

EUVD-2025-33297

A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerabilit...

7.5 CVSS, 6.4 AI score, 0.01673 EPSS
Exploits: 0, References: 7

OSV
added 2025/10/08 5:15 p.m., 3 views

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8 CVSS, 7.8 AI score
Exploits: 0, References: 3

EUVD
added 2025/10/08 12:31 a.m., 3 views

EUVD-2025-31868

EUVD-2025-31868...

6.5 CVSS, 6.5 AI score, 0.00299 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2025/10/08 12:0 a.m., 4 views

PT-2025-41296

Name of the Vulnerable Software and Affected Versions: D-Link DIR-852 versions prior to 20251003. Description: A flaw exists in D-Link DIR-852. This issue affects an unspecified component of the /HNAP1/ file. Successful manipulation can result in command injection. The attack can be initiated...

7.5 CVSS, 7.1 AI score, 0.01673 EPSS
Exploits: 0, References: 10

CNNVD
added 2025/10/08 12:0 a.m., 6 views

Flowise path traversal vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...

9.9 CVSS, 6.9 AI score, 0.11853 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/10/08 12:0 a.m., 4 views

PT-2025-41318

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.8. Description: Flowise is a drag and drop user interface used to build customized large language model flows. Versions prior to 3.0.8 contain a flaw in the WriteFileTool and ReadFileTool components where file path...

9.9 CVSS, 6.8 AI score, 0.11853 EPSS
Exploits: 1, References: 16

Cvelist
added 2025/10/08 12:0 a.m., 8 views

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8 CVSS, 0.07417 EPSS
Exploits: 0, References: 3

CVE
added 2025/10/08 12:0 a.m., 36 views

CVE-2025-53967

CVE-2025-53967 affects Framelink Figma MCP Server prior to 0.6.3. The vulnerability is a command injection in the MCP server’s input handling, where user-controlled data is interpolated into shell commands (via a curl fallback in fetch-with-retry), enabling an unauthenticated remote attacker to e...

8 CVSS, 7.3 AI score, 0.07417 EPSS
Exploits: 0, References: 3

NVD
added 2025/10/07 8:15 p.m., 3 views

CVE-2025-11407

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgradefilter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could b...

9.8 CVSS, 0.04033 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/10/07 8:2 p.m., 8 views

CVE-2025-11407 D-Link DI-7001 MINI upgrade_filter.asp os command injection

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgradefilter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could b...

6.5 CVSS, 6.4 AI score, 0.04033 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/07 8:2 p.m., 4 views

EUVD-2025-32884

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgradefilter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could b...

6.5 CVSS, 6.5 AI score, 0.04033 EPSS
Exploits: 1, References: 5