2655 matches found

Positive Technologies
added 2025/09/08 12:0 a.m. · 2 views

PT-2025-36603

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

9.3 CVSS · 8 AI score
Exploits: 0 · References: 6
Positive Technologies
added 2025/09/08 12:0 a.m. · 4 views

PT-2025-36503

Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13 Description: The @akoskm/create-mcp-server-stdio package, a MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...

9.3 CVSS · 6.9 AI score · 0.00507 EPSS
Exploits: 0 · References: 12
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. · 1 view

Malicious code in rigel-exec-ichnology-playwright (npm)

The package rigel-exec-ichnology-playwright was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. · 2 views

Malicious code in local-release-it-exec-graphql (npm)

The package local-release-it-exec-graphql was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. · 1 view

MAL-2025-44193 Malicious code in exec-exoplanetology-hercules-titan (npm)

The package exec-exoplanetology-hercules-titan was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. · 2 views

MAL-2025-44464 Malicious code in gravity-exec-geochemistry-jwt (npm)

The package gravity-exec-geochemistry-jwt was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. · 1 view

MAL-2025-45615 Malicious code in publish-exec-quasar-puppeteer (npm)

The package publish-exec-quasar-puppeteer was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. · 1 view

MAL-2025-45847 Malicious code in rigel-exec-ichnology-playwright (npm)

The package rigel-exec-ichnology-playwright was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. · 2 views

Malicious code in gravity-exec-geochemistry-jwt (npm)

The package gravity-exec-geochemistry-jwt was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. · 2 views

MAL-2025-45057 Malicious code in local-release-it-exec-graphql (npm)

The package local-release-it-exec-graphql was found to contain malicious code...

7 AI score
Exploits: 0
GithubExploit
added 2025/09/04 12:47 p.m. · 126 views

RCE-Foryou

RCE-Foryou Python tool for safely testing and exploiting RCE v...

8.1 AI score
Exploits: 0
Microsoft CVE
added 2025/09/03 10:52 p.m. · 2 views

Unsanitized NUL in environment variables on Windows in syscall and os/exec

...

7.5 CVSS · 7 AI score · 0.00013 EPSS
Exploits: 0
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-24361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec. CVE-2020-24361 Note that Nessus relies on the presence of the...

9.8 CVSS · 7.5 AI score · 0.00664 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-31212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer...

7.5 CVSS · 7.8 AI score · 0.00737 EPSS
Exploits: 3 · References: 2
Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - use after free in mrbvmexec in GitHub repository mruby/mruby prior to 3.2. CVE-2022-1106 Note that Nessus relies on the presence of the package as reported by t...

9.1 CVSS · 7.1 AI score · 0.00142 EPSS
Exploits: 1 · References: 2
Github Security Blog
added 2025/08/22 4:58 p.m. · 3 views

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupported_tensor_ops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupported_tensor_ops.execWrapper function...

7.9 AI score
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2025/08/20 4:15 p.m. · 5 views

CVE-2011-10028

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

8.7 CVSS · 0.6262 EPSS
Exploits: 0 · References: 7
Vulnrichment
added 2025/08/20 3:35 p.m. · 2 views

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

9.3 CVSS · 6.4 AI score · 0.48631 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34109 · Undefined · Undefined

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

8.7 CVSS · 8.3 AI score · 0.6262 EPSS
Exploits: 0 · References: 8
Tenable Nessus
added 2025/08/20 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-39593

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure permissions in the sysexec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this ...

5.6 CVSS · 6.8 AI score · 0.00794 EPSS
Exploits: 1 · References: 2