iOS Simulator MCP Command Injection allowed via exec API

Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the too...

Exploit for Code Injection in Langflow

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langf...

CVE-2025-6363

A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely...

Code-Projects Simple Pizza Ordering System 安全漏洞

Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ingname in the file /adding-exec.php. An attacker can exploit this...

CVE-2022-50095

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...

DEBIAN-CVE-2022-50095

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from posix-cpu-timers not clearing CPU timers during exec, which could lead to reuse after release...

candid-extractor (>=0.1.0 <=0.1.2), debug-engine (>=0.1.0 <=0.1.1) +69 more potentially affected by unknown CVE via wasmtime-jit-debug (>=0.35.0 <=1.0.2)

wasmtime-jit-debug CARGO version =0.35.0, =0.1.0, =0.1.0, =0.1.3, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.0.6, =0.11.0, =0.9.0, =0.9.0, =0.9.0, =0.10.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9GHP-W2HM-VFPF...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +15648 more potentially affected by CVE-2025-48976 via commons-fileupload:commons-fileupload (>=1.0 <=1.5)

commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.7 and more Source cves: CVE-2025-48976 Source advisory: SNYK:JAVA-COMMONSFILEUPLOAD-10363252...

OS Command Exec, Unix Command Shell, Bind TCP (via Zsh)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/bindzsh msf payloadbindzsh show actions ...actions... msf...

OS Command Exec, Unix Command Shell, Double Reverse TCP (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections Module Options msf use payload/php/unix/cmd/reverse msf payloadreverse show actions ...actions... msf payloadreverse set ACTION msf payloadreverse show options ...show and set options... msf payloadrevers...

CVE-2024-3740

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has...

CVE-2024-6937

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curlexec of the file /admin/forms/optionlists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to...

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include frommathprompt and fromcoloredobjectprompt...

CVE-2023-27198

PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability...

CVE-2021-39367

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...

CVE-2021-39368

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this schem...

CVE-2020-23151

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...

CVE-2013-4678

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors...