16 matches found
aws-mcp-server 操作系统命令注入漏洞
aws-mcp-server is a lightweight service developed by Alexei Ledenev. It enables AI assistants to execute AWS CLI commands through the Model Context Protocol MCP in a secure, containerized environment. aws-mcp-server has an operating system command injection vulnerability, which stems from...
CVE-2026-24779
vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
React-Zero-Day-Exploit-Laboratory
🚨 React Zero-Day Exploit Laboratory Interactive Secur...
EUVD-2020-17356
Malware in sbrugna...
aws-mcp-server 操作系统命令注入漏洞
aws-mcp-server is a lightweight service by Alexei Ledenev Personal Developer that enables AI assistants to execute AWS CLI commands in a secure containerized environment via the Model Context Protocol MCP. A security vulnerability exists in aws-mcp-server that stems from command injection and cou...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...
CVE-2020-24640
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24640
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
Input validation
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24640
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24640
Aruba Airwave Glass prior to version 1.3.3 contains an input validation error that enables arbitrary command execution inside the containerized environment. This weakness can allow an attacker to fully compromise the underlying host OS, with exploitation primarily possible through management GUI/...
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
Billion Laugh Attack in https://sites.google.com
tl;dr https://sites.google.com suffered from a Billion Laugh Attack vulnerability that made the containerized environment to crash with a single invocation. Introduction Few months ago I applied for a talk at a security conference titled So you wanna be a Bug Bounty Hunter but it was rejected :...