Lucene search
K

186 matches found

Metasploit
Metasploit
added 4 days ago14 views

FTP Fetch, Linux Execute Command

Fetch and execute an MIPSBE payload from an FTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options msf use payload/cmd/linux/ftp/mipsbe/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.42 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.12 views

EUVD-2025-210426

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.18 views

PT-2026-55682

Name of the Vulnerable Software and Affected Versions n8n affected versions not specified Description The Execute Command node allows authenticated users to execute arbitrary commands on the host system where the application is running. Users with valid access or compromised credentials can...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 4:17 p.m.22 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/06/29 7:4 p.m.152 views

Linux Execute Command

Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...

6AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-551 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS6.1AI score0.01891EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.12 views

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

9.6CVSS5.9AI score0.00419EPSS
Exploits1References1
Veracode
Veracode
added 2026/05/16 5:8 a.m.21 views

Command Injection

Godot MCP is vulnerable to Command Injection. The vulnerability is due to passing user-controlled input directly to exec without sanitization, which allows an attacker to inject shell commands and achieve remote code execution...

7.8CVSS6.1AI score0.00853EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/02 3:31 a.m.10 views

yii2-mcp-server has a Command Injection Issue

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/05/02 12:15 a.m.38 views

CVE-2026-7600 ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS0.0111EPSS
Exploits0References6
NVD
NVD
added 2026/05/01 9:16 p.m.4 views

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS0.01362EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/01 8:15 p.m.32 views

CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS0.01362EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/01 8:15 p.m.6 views

EUVD-2026-26717

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS5.4AI score0.01362EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:15 p.m.3 views

CVE-2026-7593

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS6.6AI score0.01362EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/01 8:15 p.m.5 views

CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...

7.5CVSS6.6AI score0.01362EPSS
Exploits0References5
Metasploit
Metasploit
added 2026/05/01 7:1 p.m.349 views

Linux Execute Command

Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/linux/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.5 views

CVE-2026-40153

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

7.4CVSS5.8AI score0.00273EPSS
Exploits1References1
Rows per page
Query Builder