FastMCP 操作系统命令注入漏洞

FastMCP is a MCP server building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained an operating system command injection vulnerability. This vulnerability could be exploited when a server name containing a shell metacharacter was used; commands could be executed o...

CVE-2024-9858

There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the...

PT-2022-23177 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 22.2.0 Description: GoCD is a continuous delivery server. The issue arises from inadequate permission restrictions during Windows installations of GoCD server or agent installers outside of the default location. This...

PT-2021-23126 · Unknown +1 · Qutebrowser +1

Name of the Vulnerable Software and Affected Versions: qutebrowser versions 1.7.0 through 2.3.x Description: The issue allows arbitrary code execution via commands such as :spawn or :debug-pyeval when a specially crafted qutebrowserurl: URL is opened with certain applications. Only Windows instal...