Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/03/23 8:52 p.m.3 views

CVE-2026-23882 Blinko: Admin RCE - MCP Server Command Injection

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP Model Context Protocol server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

8.6CVSS5.9AI score0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

TP-Link WA850RE 安全漏洞

TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and earlier versions, which originates from a command injection in the httpd module that could lead to the execution of arbitrary commands...

8.5CVSS7.5AI score0.00969EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-10180

Malware in sbrugna...

7.2CVSS6.6AI score0.00507EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-20505

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.01053EPSS
Exploits0References5
CVE
CVE
added 2025/07/01 5:49 p.m.23 views

CVE-2025-53100

The CVE-2025-53100 entry concerns RestDB codehooks-mcp-server (Codehooks.io MCP Server). Before version 0.2.2, the MCP Server tools definition/implementation allow user-initiated remote command injection, enabling a potential attacker to execute commands on a running MCP Server. The issue is stat...

8.6CVSS7.1AI score0.01297EPSS
Exploits0References3
CVE
CVE
added 2025/05/28 1:14 p.m.107 views

CVE-2025-5277

CVE-2025-5277 affects the aws-mcp-server MCP server. The vulnerability is a command injection where an attacker can craft a prompt that, when accessed by the MCP client, will cause arbitrary commands to run on the host. The NVD metrics indicate a CRITICAL impact (CVSSv4.0 9.4; CVSSv3.1 9.6) with ...

9.6CVSS9.7AI score0.01257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/06/14 9:22 a.m.4 views

CVE-2022-32262

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...

8.8CVSS9.8AI score0.02416EPSS
Exploits0References2
CNVD
CNVD
added 2015/01/30 12:0 a.m.4 views

Symantec Encryption Management Server Local Command Injection Vulnerability

Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. A command injection vulnerability exists in Symantec Encryption Management Server's handling of database backup recovery, which could be exploited by a remote attacker to...

9CVSS7.8AI score0.08116EPSS
Exploits1References1
Rows per page
Query Builder