CVE-2026-7600

ArtMin96 yii2-mcp-server 1.0.2 is affected. The vulnerability resides in the MCP Interface’s src/index.ts, specifically the yii_command_help/yii_execute_command functions, enabling remote os command injection. Attack requires no authentication and can be exploited remotely; an exploit has been pu...

Code Review Server 注入漏洞

Code Review Server is a code review tool based on large models, developed by Dennison Bertram. Versions of Code Review Server 0.1.0 and earlier had an injection vulnerability. This vulnerability stems from the executeRepomix function in the src/repomix.ts file, which allows for command injection,...

Website Downloader MCP Server 命令注入漏洞

The Website Downloader MCP Server is a website download tool developed by Manav Kundra. It supports recursive downloading while maintaining the local link structure. Versions of the Website Downloader MCP Server prior to 0.1.0 had a command injection vulnerability. This vulnerability stems from t...

TRENDnet TEW-821DAP 命令注入漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. Versions of TRENDnet TEW-821DAP prior to 1.12B01 contained a command injection vulnerability. This vulnerability stemmed from improper handling of the toolsdiagnostic function in the Firmware Update component, which could...

TRENDnet TEW-821DAP 命令注入漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. Versions of TRENDnet TEW-821DAP prior to 1.12B01 contained a command injection vulnerability. This vulnerability stemmed from improper operation of the toolsdiagnostic function, which could lead to OS command injections...

Yii2 MCP Server 命令注入漏洞

Yii2 MCP Server is a database and project management tool developed by Arthur Minasyan for the Yii2 framework. Version 1.0.2 of Yii2 MCP Server contains a command injection vulnerability. This vulnerability stems from improper handling of the yiicommandhelp/yiiexecutecommand function in the MCP...

Rijksmuseum MCP Server 命令注入漏洞

Rijksmuseum MCP Server is a natural language query tool for museum collections developed by R. Huijts. Versions of Rijksmuseum MCP Server 1.0.4 and earlier had a command injection vulnerability. This vulnerability stemmed from the operation of the openimageinbrowser function in the src/index.ts...

AI Development Assistant MCP Server 注入漏洞

The AI Development Assistant MCP Server is an AI development assistant developed by Kevin Leneway. Versions of the AI Development Assistant MCP Server 2.0.1 and earlier have a vulnerability due to command injection in the runCodeReviewTool function found in the src/tools/codeReview.ts file, which...

PT-2026-36615

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

PT-2026-36619

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has...

PT-2026-36595

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...

PT-2026-36552

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii command help/yii execute command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been...

PT-2026-36628

Name of the Vulnerable Software and Affected Versions r-huijts mcp-server-rijksmuseum versions prior to 1.0.5 Description A flaw in the MCP Interface component allows remote OS command injection. The issue exists within the open image in browser function located in the src/index.ts file, where...

PT-2026-36624

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. T...

Linux Distros Unpatched Vulnerability : CVE-2026-7246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...

PT-2026-36601

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description A flaw in the Firmware Update component allows remote OS command injection. The issue exists within the tools diagnostic function located in the /tmp/diagnostic file. This allows a remo...

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-7593

CVE-2026-7593 affects Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. The vulnerability resides in the MCP Interface’s function execute_command (src/index.ts), enabling an attacker to perform OS command injection . Remote exploitation is possible, with public disclosures already availabl...

EUVD-2026-26717

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...