500 matches found
CVE-2025-40891
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891
The CVE-2025-40891 issue affects Nozomi Networks Guardian/CMC Time Machine Snapshot Diff functionality. An unauthenticated attacker can send crafted network packets at two different times to inject HTML into asset attributes across two snapshots. When a user interacts with the affected snapshots ...
EUVD-2025-204261
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
Summary A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset...
PT-2025-52219
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
Arbitrary Argument Injection
Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Arbitrary Argument Injection via the gitdiff and gitcheckout functions. An attacker can...
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...
CVE-2025-68144
CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...
Model Context Protocol Servers 参数注入漏洞
Model Context Protocol Servers is a large model context protocol server from Model Context Protocol open source. A parameter injection vulnerability exists in versions of Model Context Protocol Servers prior to 2025.12.17, which stems from the gitdiff and gitcheckout functions passing...
PT-2025-51937
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git diff and git checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.13.0 <=6.0.0) +4 more potentially affected by unknown CVE via @asyncapi/diff (>=0.2.2 <=0.5.0)
@asyncapi/diff NPM version =0.2.2, =4.1.3, =0.13.0, =0.16.0, =0.10.0, =1.4.14, =1.4.39 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIDIFF-14103252...
Malicious code in @asyncapi/diff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afa55a72fa4b01b54926fbef60ac9ac0ece6a9128ddbdd3d883aa6ee7bb8c67c The package @asyncapi/diff was found to contain malicious code. Source: ghsa-malware dfe913f8a298c7c2e8e2e4708025a868cba9d567779195881f90ba52bdc8d14c...
MAL-2025-190655 Malicious code in @asyncapi/diff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afa55a72fa4b01b54926fbef60ac9ac0ece6a9128ddbdd3d883aa6ee7bb8c67c The package @asyncapi/diff was found to contain malicious code. Source: ghsa-malware dfe913f8a298c7c2e8e2e4708025a868cba9d567779195881f90ba52bdc8d14c...
EUVD-2025-198692
Malicious code in @asyncapi/diff npm...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.13.0 <=6.0.0) +4 more potentially affected by unknown CVE via @asyncapi/diff (>=0.2.2 <=0.5.0)
@asyncapi/diff NPM version =0.2.2, =4.1.3, =0.13.0, =0.16.0, =0.10.0, =1.4.14, =1.4.39 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190655...
SUSE CVE-2025-40062
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm-debug.qmdiffregs When the initialization of qm-debug.accdiffreg fails, the probe process does not exit. However, after qm-debug.qmdiffregs is freed, it is not set to NULL. This can lead to a...
CVE-2025-40062
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm-debug.qmdiffregs When the initialization of qm-debug.accdiffreg fails, the probe process does not exit. However, after qm-debug.qmdiffregs is freed, it is not set to NULL. This can lead to a...