AWS Resources MCP Server 安全漏洞

AWS Resources MCP Server is a Python-based MCP server by Bary Huang Personal Developer. A security vulnerability exists in AWS Resources MCP Server version 0.1.0, which stems from insufficient input validation of the executequery method and could lead to remote code execution and AWS credential...

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

CVE-2024-42749

Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script...

EUVD-2025-197651

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

CVE-2025-10686

The CVE-2025-10686 has concrete details across multiple sources: Creta Testimonial Showcase WordPress plugin prior to v1.2.4 is vulnerable to Local File Inclusion. Authenticated users with editor-level access or higher can include and execute arbitrary PHP files on the server, enabling code execu...

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

ZOHO ManageEngine Applications Manager Command Injection Vulnerability

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. A command injection...

EUVD-2025-178987

Malicious code in execute-char-char-stub-serialize npm...

EUVD-2025-178936

Malicious code in fast-stack-tau-execute-hash npm...

EUVD-2025-179091

Malicious code in epsilon-execute-pi-interpret-index npm...

EUVD-2025-175818

Malicious code in unix-execute-file-route-reject npm...

EUVD-2025-175634

Malicious code in water-execute-rain-root-cloud npm...

EUVD-2025-179761

Malicious code in char-cat-execute-eta-authenticate npm...

EUVD-2025-178038

Malicious code in log-cron-execute-small-signal npm...

EUVD-2025-176426

Malicious code in serialize-bash-authenticate-execute-cloud npm...

EUVD-2025-178372

Malicious code in interface-stack-mock-execute-log npm...

MAL-2025-186895 Malicious code in execute-char-char-stub-serialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe5d9354bb43f2724bc7efeec94e26f50bce0f7ac425402af053df136cd5c11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175863

Malicious code in try-signal-lambda-execute-kernel npm...

EUVD-2025-175553

Malicious code in wind-execute-authorize-mu-byte npm...