32 matches found
CVE-2026-0755
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-15063
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-15063 Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-15063 Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-15063
CVE-2025-15063 : Ollama MCP Server contains a command injection in the execAsync method. The flaw stems from insufficient validation of a user-supplied string before it is used to perform a system call, enabling an unauthenticated attacker to execute arbitrary code with the service account contex...
Ollama MCP Server: Operating System Command Injection Vulnerability
Ollama MCP Server is an open-source server component based on the Large Model Context Protocol developed by Ollama. The Ollama MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the execAsync method not properly verifying the string provide...
(0Day) Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper...
PT-2026-1768
Name of the Vulnerable Software and Affected Versions Ollama MCP Server affected versions not specified Description This issue allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server without authentication. The flaw resides in the execAsync method due to...
(0Day) gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper...
PT-2026-1986
Name of the Vulnerable Software and Affected Versions github-kanban-mcp-server affected versions not specified Description A flaw exists in github-kanban-mcp-server that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The iss...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview @aiondadotcom/mcp-ssh is a MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to using the execAsync...