315 matches found
Arbitrary Command Injection
Overview figma-developer-mcp is a Give your coding agent access to your Figma data. Implement designs in any framework in one-shot. Affected versions of this package are vulnerable to Arbitrary Command Injection via the childprocess.exec call using unvalidated user input directly within...
CVE-2025-57296
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the subADBC0 helper function concatenates these user-supplied values into...
Arbitrary Command Injection
Overview @sequa-ai/sequa-mcp is an A proxy for the Model Context Protocol MCP that connects local STDIO with remote MCP servers Affected versions of this package are vulnerable to Arbitrary Command Injection via the redirectToAuthorization function in the OAuth Server Discovery component. An...
Arbitrary Command Injection
Overview mcp-kubernetes-server is a The mcp-kubernetes-server is a Model Context Protocol MCP server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools like Claude, Cursor, and GitHub Copilot and Kubernetes, translating natural language request...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via improper sanitization of parameters in the smart.disk.get process. An attacker can inject arbitrary arguments into the smartctl command by supplying crafted input, potentially leading to the exposure of...
Arbitrary Command Injection
Overview interactive-git-checkout is a CLI for simple branch switching Affected versions of this package are vulnerable to Arbitrary Command Injection due to using exec function without proper input validation or sanitization. An attacker can execute arbitrary system commands by supplying special...
Arbitrary Command Injection
Overview codeceptjs is a Supercharged End 2 End Testing Framework for NodeJS Affected versions of this package are vulnerable to Arbitrary Command Injection via the emptyFolder function. An attacker can execute arbitrary system commands by supplying crafted input to the directoryPath parameter...
Arbitrary Command Injection
Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to untrusted user input being accepted as transformation methods or parameters. An attacker can execute arbitrary commands on the server by supplying crafted input that circumvents safe defaults. Note: Th...
Arbitrary Command Injection
Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via improper input sanitization in the file upload process. An attacker can execute arbitrary commands on the target...
Arbitrary Command Injection
Overview mcp-package-docs is an An MCP server that provides LLMs with efficient access to package documentation across multiple programming languages Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input passed to the exec function. An attacker can...
Arbitrary Command Injection
Overview @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework @devtools-integration Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...
Arbitrary Command Injection
Overview @translated/lara-mcp is a Lara API official MCP server Affected versions of this package are vulnerable to Arbitrary Command Injection via the importTmx function in importtmx.ts. An attacker can execute arbitrary system commands by supplying crafted input to the tmxurl parameter, which i...
CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...
CVE-2025-34079
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as externa...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...