5 matches found
Command Injection
adb-mcp Server is vulnerable to Command Injection. The vulnerability is due to improper handling of user-supplied input in certain MCP Server tool definitions and implementations, which allows an attacker to inject and execute arbitrary system commands...
EUVD-2025-31042
Malicious code in bioql PyPI...
CVE-2025-59834
CVE-2025-59834 affects the adb-mcp MCP Server. The vulnerability stems from constructing shell commands by concatenating untrusted input (notably the device parameter) in executeAdbCommand, enabling remote command injection via the MCP Server tool definitions (e.g., inspect_ui). The issue impacts...
CVE-2025-59834 Command Injection in adb-mcp MCP Server
ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...
Command Injection in adb-mcp MCP Server
Command Injection in adb-mcp MCP Server The MCP Server at https://github.com/srmorete/adb-mcp is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server is also published publicly to npm at...