
44926 matches found

NVD
added 2026/04/15 4:16 p.m. | 5 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

CVSS: 8 | EPSS: 0.0026
Exploits: 0 | References: 1

NVD
added 2026/04/15 4:16 p.m. | 1 views

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

CVSS: 7.3 | EPSS: 0.00344
Exploits: 0 | References: 1

NVD
added 2026/04/15 4:16 p.m. | 2 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

CVSS: 8.6 | EPSS: 0.00472
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/15 4:3 p.m. | 5 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.05972
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/04/15 4:3 p.m. | 9 views

CVE-2026-20186

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.0591
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/04/15 4:3 p.m. | 2 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.10944
Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2026/04/15 4:3 p.m. | 3 views

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.10944
Exploits: 0 | References: 1

Cvelist
added 2026/04/15 4:3 p.m. | 30 views

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVSS: 9.9 | EPSS: 0.10944
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 9 views

Windsurf security vulnerability

Windsurf is an AI programming software developed by the Windsurf company. Version 1.9544.26 of Windsurf contains a security vulnerability. This vulnerability stems from prompt injection, and it could allow remote attackers to execute arbitrary commands on the victim’s system...

CVSS: 8 | AI score: 6.3 | EPSS: 0.0026
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 8 views

Agent Zero security vulnerability

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...

CVSS: 8.6 | AI score: 6.1 | EPSS: 0.00405
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/15 12:0 a.m. | 1 views

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

AI score: 6.5 | EPSS: 0.00344
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/04/15 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVSS: 9 | AI score: 6.1 | EPSS: 0.01164
In wild | Exploits: 2 | References: 6

Positive Technologies
added 2026/04/15 12:0 a.m. | 2 views

PT-2026-33069

Name of the Vulnerable Software and Affected Versions: Windsurf version 1.9544.26. Description: A prompt injection issue occurs when the application processes attacker-controlled HTML content. This allows remote attackers to execute arbitrary commands on a victim system without user interaction. The...

CVSS: 8 | AI score: 6.2 | EPSS: 0.0026
Exploits: 0 | References: 22

CNNVD
added 2026/04/15 12:0 a.m. | 7 views

Cisco Identity Services Engine security vulnerability

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.0591
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 7 views

Cisco Identity Services Engine security vulnerability

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.05972
Exploits: 1 | References: 1

CVE
added 2026/04/15 12:0 a.m. | 5 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 is vulnerable to remote code execution via the MCP STDIO server configuration/execution handling. An attacker can reach the publicly exposed MCP management interface, configure an MCP STDIO server with attacker-controlled commands, and trigger arbitrary OS command executi...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.00472
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/15 12:0 a.m. | 10 views

PT-2026-33092

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified). Description: Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on th...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.05972
Exploits: 1 | References: 16

CNNVD
added 2026/04/15 12:0 a.m. | 10 views

Cisco ISE and Cisco ISE-PIC security vulnerability

Cisco ISE and Cisco ISE-PIC are both products of the American company Cisco. Cisco ISE is a NAC solution designed to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component of Cisco ISE. Both Cisco ISE and Cisco ISE-PIC have...

CVSS: 9.9 | AI score: 6.3 | EPSS: 0.10944
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 7 views

Jaaz security vulnerability

Jaaz is an AI-driven multi-modal creative design platform developed by 11cafe. Version 1.0.30 of Jaaz contains a security vulnerability, which stems from improper handling of MCP STDIO command execution. This vulnerability could allow remote attackers to execute arbitrary commands...

CVSS: 7.3 | AI score: 6.1 | EPSS: 0.00344
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 10 views

LangChain-Chatchat security vulnerability

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.00472
Exploits: 0 | References: 1