849 matches found
CVE-2025-11491
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2025-11489
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
Command Injection
Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to Command Injection via the extractBaseCommand function. An attacker can execute arbitrary operating system commands by supplying crafted input that ...
CVE-2025-11490
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
UNIX Symbolic Link (Symlink) Following
Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the isPathAllowed function. An attacker can create a symlink inside an allowed directory that points to a...
EUVD-2025-33288
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...
CVE-2025-11489
CVE-2025-11489 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The issue resides in isPathAllowed (src/tools/filesystem.ts) and enables symbolic link following, with local access required and high attack complexity. Publicly disclosed exploitability is noted; vendor guidance recommends usi...
Desktop Commander MCP 安全漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...
Desktop Commander MCP 操作系统命令注入漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. An operating system command injection vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from improper manipulation of the function CommandManager in the file src/command-manager.ts...
Desktop Commander MCP 安全漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from the operation of the function isPathAllowed in the file src/tools/filesystem.ts that may result in symbolic link...
EUVD-2020-9334
Malware in sbrugna...
EUVD-2005-0764
Malware in sbrugna...
EUVD-2004-0231
Malware in sbrugna...
EUVD-2007-4528
Malware in sbrugna...
EUVD-2004-1091
Malware in sbrugna...
EUVD-2021-2745
Malware in sbrugna...
EUVD-2004-1003
Malware in sbrugna...
EUVD-2017-3359
Malware in sbrugna...