Lucene search
+L

5 matches found

Veracode
Veracode
added 2025/07/18 5:54 a.m.7 views

Command Injection

@sunwood-ai-labs/github-kanban-mcp-server is vulnerable to command injection. The vulnerability is due to the use of the unsafe exec API with untrusted user input in the addcomment tool, which allows an attacker to execute arbitrary system commands through crafted input...

9.3CVSS7.5AI score0.01287EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/15 5:6 p.m.8 views

GHSA-6JX8-RCJX-VMWF GitHub Kanban MCP Server vulnerable to Command Injection

The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the tool addcomment which...

9.3CVSS8.4AI score0.01287EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/06/26 9:20 p.m.17 views

iOS Simulator MCP Command Injection allowed via exec API

Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the too...

6CVSS7.9AI score0.00658EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/06/26 9:20 p.m.7 views

GHSA-6F6R-M9PV-67JW iOS Simulator MCP Command Injection allowed via exec API

Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the too...

6CVSS7.9AI score0.00658EPSS
Exploits0References6
Metasploit
Metasploit
added 2022/07/16 5:42 p.m.217 views

Sourcegraph gitserver sshCommand RCE

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

8.8CVSS8.2AI score0.7431EPSS
Exploits8
Rows per page
Query Builder