PT-2025-49182

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.66 Description An issue exists in Apache HTTP Server on Windows when AllowEncodedSlashes is enabled and MergeSlashes is disabled. This can allow for Server-Side Request Forgery SSRF, potentially leading...

Linux Distros Unpatched Vulnerability : CVE-2019-12618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. CVE-2019-12618 Note that Nessus relies on the presence of the package as...

CVE-2025-59046

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

CVE-2025-59046

The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...

CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

CVE-2025-54994

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

CVE-2025-54994

CVE-2025-54994 affects the MCP Server Starter kit @akoskm/create-mcp-server-stdio. The vulnerable component is the which-app-on-port tool that uses Node.js child_process.exec, exposing command-injection risk when user input is unsafely concatenated into shell commands. Affected versions precede 0...

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

PT-2025-36603

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

PT-2025-36503

Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13 Description: The @akoskm/create-mcp-server-stdio package, a MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...

Malicious code in local-release-it-exec-graphql (npm)

The package local-release-it-exec-graphql was found to contain malicious code...

Malicious code in rigel-exec-ichnology-playwright (npm)

The package rigel-exec-ichnology-playwright was found to contain malicious code...

Malicious code in gravity-exec-geochemistry-jwt (npm)

The package gravity-exec-geochemistry-jwt was found to contain malicious code...

MAL-2025-44193 Malicious code in exec-exoplanetology-hercules-titan (npm)

The package exec-exoplanetology-hercules-titan was found to contain malicious code...

MAL-2025-45847 Malicious code in rigel-exec-ichnology-playwright (npm)

The package rigel-exec-ichnology-playwright was found to contain malicious code...

MAL-2025-45615 Malicious code in publish-exec-quasar-puppeteer (npm)

The package publish-exec-quasar-puppeteer was found to contain malicious code...

MAL-2025-45057 Malicious code in local-release-it-exec-graphql (npm)

The package local-release-it-exec-graphql was found to contain malicious code...

MAL-2025-44464 Malicious code in gravity-exec-geochemistry-jwt (npm)

The package gravity-exec-geochemistry-jwt was found to contain malicious code...