15 matches found
@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39363 via vite-plus (=0.1.11)
vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITEPLUS-15922243...
EUVD-2025-29193
Malicious code in bioql PyPI...
EUVD-2025-29194
Malicious code in bioql PyPI...
GHSA-HJM5-XGJ8-VWJ6 mcp-kubernetes-server has a Command Injection vulnerability
mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...
mcp-kubernetes-server has a Command Injection vulnerability
mcp-kubernetes-server does not correctly enforce the --disable-write / --disable-delete protections when commands are chained. The server only inspects the first token to decide whether an operation is write/delete, which allows a read-like command to be followed by a write action using shell...
CVE-2025-59377
feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355...
CVE-2025-59376
feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod" command because the first word i.e., "version" is not a write or delete operation...
CVE-2025-59377
feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and CVE-2025-53355...
CVE-2025-59377
Summary: CVE-2025-59377 affects feiskyer/mcp-kubernetes-server up to version 0.1.11. The vulnerability is an OS command injection in the /mcp/kubectl path caused by using shell=True when constructing shell commands, enabling injection through provided input. This can lead to remote code execution...
mcp-kubernetes-server security vulnerability
mcp-kubernetes-server is a Model Context Protocol server by individual developer Pengfei Ni. A security vulnerability exists in mcp-kubernetes-server version 0.1.11 and earlier: chained commands are not considered, which could lead to bypassing write and delete operation restrictions...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...
@_unit/unit (>=1.0.44 <=1.0.58), @abtnode/blocklet-services (>=1.16.33 <=1.17.12-beta-20260420-061403-d7b5c4e6) +703 more potentially affected by CVE-2024-52798 via path-to-regexp (>=0.0.2 <=0.1.11)
path-to-regexp NPM version =0.0.2, =1.0.44, =1.16.33, =1.16.33, =16.7.2, =1.0.1, =1.11.282, =1.1.55, =0.1.5-alpha.0, =1.13.0, =1.13.0, =0.25.10, =1.0.31, =1.0.32 and more Source cves: CVE-2024-52798 Source advisory: OSV:GHSA-RHX6-C78J-4Q9W...
MAL-2024-9106 Malicious code in @fdp-tools/helm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bef4a02ea616732eda209303ce418b0fbf07d43995a8ac48bada7b7967f78819 The OpenSSF Package Analysis project identified '@fdp-tools/helm' @ 0.1.11 npm as malicious. It is considered malicious because: - The package...
DEBIAN-CVE-2021-44847
A stack-based buffer overflow in the handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 caused by an improper length calculation during the handling of received network packets allows remote attackers to crash the process or potentially execute arbitrary code via...
pragmaMX 0.1.11 - modules.php Multiple SQL Injections
pragmaMX 0.1.11 - modules.php Multiple SQL Injections source: https://www.securityfocus.com/bid/41523/info pragmaMX is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow ...