CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

CVE-2026-20186

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

PT-2026-33092

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine ISE affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on th...

VulnCheck KEV: CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

Agent Zero 安全漏洞

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

Cisco ISE和Cisco ISE-PIC 安全漏洞

Cisco ISE and Cisco ISE-PIC are both products of the American company Cisco. Cisco ISE is a NAC solution designed to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component of Cisco ISE. Both Cisco ISE and Cisco ISE-PIC have...

PT-2026-33087

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitra...

PT-2026-33069

Name of the Vulnerable Software and Affected Versions Windsurf version 1.9544.26 Description A prompt injection issue occurs when the application processes attacker-controlled HTML content. This allows remote attackers to execute arbitrary commands on a victim system without user interaction. The...

CVE-2026-30617

LangChain-ChatChat 0.3.1 is vulnerable to remote code execution via the MCP STDIO server configuration/execution handling. An attacker can reach the publicly exposed MCP management interface, configure an MCP STDIO server with attacker-controlled commands, and trigger arbitrary OS command executi...

Jaaz 安全漏洞

Jaaz is an AI-driven multi-modal creative design platform developed by 11cafe. Version 1.0.30 of Jaaz contains a security vulnerability, which stems from improper handling of MCP STDIO command execution. This vulnerability could allow remote attackers to execute arbitrary commands...

LangChain-Chatchat 安全漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...

Radare2 安全漏洞

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Versions of Radare2 prior to 6.1.4 contained security vulnerabilities. These vulnerabilities stemmed from the printgvars function in the PDB parser, which had issues with command injection, potentially allowing...