CVE-2025-61492

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-61492

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-61492

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

PT-2026-1826

Name of the Vulnerable Software and Affected Versions terminal-controller-mcp version 0.1.7 Description A command injection issue exists in the execute command function of the software. Attackers can execute arbitrary commands by providing a crafted input. The vulnerability can lead to arbitrary...

Terminal Controller for MCP 安全漏洞

Terminal Controller for MCP is a context protocol server by the individual developer GongRzhe. A security vulnerability exists in Terminal Controller for MCP version 0.1.7, which stems from a command injection in the executecommand function that could lead to the execution of arbitrary commands...

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

Remote Command Execution

n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...

EUVD-2025-33352

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host...

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

GHSA-365G-VJW2-GRX8 n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully...

Command Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

Command Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

EUVD-2022-0116

Malicious code in bioql PyPI...

CVE-2025-57749

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

Powershell Exec

Execute an x64 payload from a command via PowerShell Module Options msf use payload/cmd/windows/powershell/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec...

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf...

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadex...