Lucene search
K

849 matches found

RedhatCVE
RedhatCVE
added 2025/10/10 1:32 a.m.5 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5CVSS6.8AI score0.04296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/10 1:31 a.m.5 views

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

4.5CVSS5.7AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/10 1:31 a.m.4 views

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

6.5CVSS6.8AI score0.03542EPSS
Exploits1References1
Snyk
Snyk
added 2025/10/08 7:41 p.m.5 views

Command Injection

Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to Command Injection via the extractBaseCommand function. An attacker can execute arbitrary operating system commands by supplying crafted input that ...

6.5CVSS7.9AI score0.03542EPSS
Exploits1References2
NVD
NVD
added 2025/10/08 7:15 p.m.4 views

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

9.8CVSS0.03542EPSS
Exploits1References6
Snyk
Snyk
added 2025/10/08 6:42 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview @wonderwhy-er/desktop-commander is a MCP server for terminal operations and file editing Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the isPathAllowed function. An attacker can create a symlink inside an allowed directory that points to a...

4.5CVSS7AI score0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/08 6:32 p.m.6 views

EUVD-2025-33288

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

6.5CVSS6.3AI score0.03542EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/10/08 6:2 p.m.3 views

CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

4.5CVSS5.5AI score0.00228EPSS
Exploits1References6
CVE
CVE
added 2025/10/08 6:2 p.m.16 views

CVE-2025-11489

CVE-2025-11489 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The issue resides in isPathAllowed (src/tools/filesystem.ts) and enables symbolic link following, with local access required and high attack complexity. Publicly disclosed exploitability is noted; vendor guidance recommends usi...

7CVSS5.5AI score0.00228EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.4 views

Desktop Commander MCP 安全漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...

9.8CVSS6.8AI score0.03542EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

Desktop Commander MCP 操作系统命令注入漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. An operating system command injection vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from improper manipulation of the function CommandManager in the file src/command-manager.ts...

9.8CVSS6.8AI score0.04296EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.4 views

Desktop Commander MCP 安全漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from the operation of the function isPathAllowed in the file src/tools/filesystem.ts that may result in symbolic link...

7CVSS4.8AI score0.00228EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-9334

Malware in sbrugna...

7.3CVSS7.4AI score0.00389EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0764

Malware in sbrugna...

4.6CVSS6.1AI score0.00474EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-0231

Malware in sbrugna...

2.1CVSS6AI score0.0038EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4528

Malware in sbrugna...

6.8CVSS6.4AI score0.01885EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1091

Malware in sbrugna...

5CVSS6.1AI score0.0167EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2745

Malware in sbrugna...

8CVSS7.8AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1003

Malware in sbrugna...

7.5CVSS6AI score0.01787EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-3359

Malware in sbrugna...

7.8CVSS7.6AI score0.00792EPSS
Exploits1References2
Rows per page
Query Builder