14 matches found
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
EUVD-2026-26717
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593
CVE-2026-7593 affects Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. The vulnerability resides in the MCP Interface’s function execute_command (src/index.ts), enabling an attacker to perform OS command injection . Remote exploitation is possible, with public disclosures already availabl...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
command-executor MCP Server 命令注入漏洞
command-executor MCP Server is a secure execution tool for pre-approved commands from Maki Individual Developers. A command injection vulnerability exists in command-executor MCP Server version 0.1.0 and earlier, which stems from improper manipulation of the executecommand function in the...
CVE-2025-35028
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
EUVD-2025-199938
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028 HexStrike AI MCP Server Command Injection
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028
HexStrike AI MCP Server is affected by a command-injection vulnerability in the EnhancedCommandExecutor API endpoint. A command-line argument starting with a semicolon (;) can cause a composed command to run with the MCP server’s privileges (typically root) because default configurations do not s...
PT-2025-48397
Name of the Vulnerable Software and Affected Versions HexStrike AI MCP Server versions prior to commit 2f3a5512 Description The HexStrike AI MCP Server is susceptible to a command injection issue. By supplying a command-line argument beginning with a semicolon ; to an API endpoint created by the...
PT-2025-48532
🚨 CVE-2026-1442 Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 a...
mesos: docker image code execution
A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host...