174 matches found
Command Injection
Godot MCP is vulnerable to Command Injection. The vulnerability is due to passing user-controlled input directly to exec without sanitization, which allows an attacker to inject shell commands and achieve remote code execution...
yii2-mcp-server has a Command Injection Issue
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
CVE-2026-7600 ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
EUVD-2026-26717
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
Linux Execute Command
Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/linux/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...
CVE-2026-40153
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...
Exposure of Sensitive Information Through Environmental Variables
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables in the executecommand function, where environment variables within command...
CVE-2026-40088
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...
CVE-2026-40088 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...
PraisonAI 操作系统命令注入漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.121 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executecommand function and the workflow shell, which expose...
Command Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-4946
Ghidra up to version 12.0.2 is affected by a flaw where annotation directives embedded in automatically extracted binary data (notably the @execute directive parsed from auto-analysis comments like CFStrings in Mach‑O) are executed when an analyst clicks benign-looking UI text. This yields arbitr...
CVE-2026-0759
Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this...
Arbitrary Command Injection
Overview super-shell-mcp is a MCP server for executing shell commands across multiple platforms Affected versions of this package are vulnerable to Arbitrary Command Injection via the executecommand function. An attacker can execute arbitrary system commands by supplying specially crafted input...
terminal-controller-mcp vulnerable to Command Injection
A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-61492
A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...