Lucene search
K

315 matches found

Snyk
Snyk
added 2025/09/30 5:1 p.m.4 views

Arbitrary Command Injection

Overview figma-developer-mcp is a Give your coding agent access to your Figma data. Implement designs in any framework in one-shot. Affected versions of this package are vulnerable to Arbitrary Command Injection via the childprocess.exec call using unvalidated user input directly within...

8CVSS7.9AI score0.07417EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 4:15 p.m.5 views

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the subADBC0 helper function concatenates these user-supplied values into...

6.5CVSS6.2AI score0.03316EPSS
Exploits1References3
Snyk
Snyk
added 2025/09/17 9:30 p.m.2 views

Arbitrary Command Injection

Overview @sequa-ai/sequa-mcp is an A proxy for the Model Context Protocol MCP that connects local STDIO with remote MCP servers Affected versions of this package are vulnerable to Arbitrary Command Injection via the redirectToAuthorization function in the OAuth Server Discovery component. An...

6.5CVSS6.8AI score0.01628EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/15 3:31 p.m.4 views

Arbitrary Command Injection

Overview mcp-kubernetes-server is a The mcp-kubernetes-server is a Model Context Protocol MCP server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools like Claude, Cursor, and GitHub Copilot and Kubernetes, translating natural language request...

6.3CVSS7.3AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/12 11:42 a.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via improper sanitization of parameters in the smart.disk.get process. An attacker can inject arbitrary arguments into the smartctl command by supplying crafted input, potentially leading to the exposure of...

5.7CVSS7.3AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/10 9:37 p.m.3 views

Arbitrary Command Injection

Overview interactive-git-checkout is a CLI for simple branch switching Affected versions of this package are vulnerable to Arbitrary Command Injection due to using exec function without proper input validation or sanitization. An attacker can execute arbitrary system commands by supplying special...

9.8CVSS7.5AI score0.01176EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/08 6:31 p.m.5 views

Arbitrary Command Injection

Overview codeceptjs is a Supercharged End 2 End Testing Framework for NodeJS Affected versions of this package are vulnerable to Arbitrary Command Injection via the emptyFolder function. An attacker can execute arbitrary system commands by supplying crafted input to the directoryPath parameter...

9.8CVSS7.7AI score0.02169EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/19 6:43 p.m.2 views

Arbitrary Command Injection

Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...

9.8CVSS7.7AI score0.01479EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 12:6 a.m.4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...

9.2CVSS7.7AI score0.02388EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/05 5:42 p.m.3 views

Arbitrary Command Injection

Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via improper input sanitization in the file upload process. An attacker can execute arbitrary commands on the target...

6.9CVSS9.2AI score0.04809EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/05 2:12 p.m.1 views

Arbitrary Command Injection

Overview mcp-package-docs is an An MCP server that provides LLMs with efficient access to package documentation across multiple programming languages Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input passed to the exec function. An attacker can...

7.5CVSS8.2AI score0.08088EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/02 12:45 a.m.5 views

Arbitrary Command Injection

Overview @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework @devtools-integration Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...

9.6CVSS7.9AI score0.43921EPSS
Exploits4References2
Snyk
Snyk
added 2025/08/01 11:42 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...

9.8CVSS8.1AI score0.00901EPSS
Exploits5References2
Snyk
Snyk
added 2025/08/01 11:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...

9.8CVSS8.1AI score0.00901EPSS
Exploits5References2
Snyk
Snyk
added 2025/08/01 11:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...

9.8CVSS8.1AI score0.00901EPSS
Exploits5References2
Snyk
Snyk
added 2025/07/21 2:14 p.m.7 views

Arbitrary Command Injection

Overview @translated/lara-mcp is a Lara API official MCP server Affected versions of this package are vulnerable to Arbitrary Command Injection via the importTmx function in importtmx.ts. An attacker can execute arbitrary system commands by supplying crafted input to the tmxurl parameter, which i...

9.2CVSS8.1AI score0.07792EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/10 12:0 a.m.16 views

CVE-2025-47812

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...

10CVSS0.95343EPSS
Exploits23References4
NVD
NVD
added 2025/07/02 8:15 p.m.11 views

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as externa...

7.8CVSS0.01277EPSS
Exploits2References3
Snyk
Snyk
added 2025/06/30 8:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3CVSS7.9AI score0.00513EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/30 8:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3CVSS8.1AI score0.00513EPSS
Exploits1References2
Rows per page
Query Builder