8 matches found
CVE-2026-23882 Blinko: Admin RCE - MCP Server Command Injection
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP Model Context Protocol server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...
TP-Link WA850RE 安全漏洞
TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and earlier versions, which originates from a command injection in the httpd module that could lead to the execution of arbitrary commands...
EUVD-2019-10180
Malware in sbrugna...
EUVD-2025-20505
Malicious code in bioql PyPI...
CVE-2025-53100
The CVE-2025-53100 entry concerns RestDB codehooks-mcp-server (Codehooks.io MCP Server). Before version 0.2.2, the MCP Server tools definition/implementation allow user-initiated remote command injection, enabling a potential attacker to execute commands on a running MCP Server. The issue is stat...
CVE-2025-5277
CVE-2025-5277 affects the aws-mcp-server MCP server. The vulnerability is a command injection where an attacker can craft a prompt that, when accessed by the MCP client, will cause arbitrary commands to run on the host. The NVD metrics indicate a CRITICAL impact (CVSSv4.0 9.4; CVSSv3.1 9.6) with ...
CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...
Symantec Encryption Management Server Local Command Injection Vulnerability
Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. A command injection vulnerability exists in Symantec Encryption Management Server's handling of database backup recovery, which could be exploited by a remote attacker to...