Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/04/06 12:30 a.m.0 views

GHSA-WX4P-JR66-JFP9 @nor2/heim-mcp vulnerable to command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References9
EUVD
EUVDadded 2026/04/06 12:30 a.m.0 views

EUVD-2026-19134

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/04/05 10:15 p.m.0 views

CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References8
CVE
CVEadded 2026/04/05 10:15 p.m.4 views

CVE-2026-5602

Nor2-io heim-mcp up to 0.1.3 is affected in new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud, specifically the registerTools function in src/tools.ts, which enables OS command injection due to the underlying root cause described in the CVE. The vulnerability requires ...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/04/05 10:15 p.m.0 views

CVE-2026-5602

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References8Affected Software1
CNNVD
CNNVDadded 2026/04/05 12:0 a.m.3 views

Heim MCP 操作系统命令注入漏洞

Heim MCP is an open-source MCP server developed by NorNor, used for creating, deploying, and managing backend applications. Versions of Heim MCP prior to 0.1.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from operations on functions in the...

5.3CVSS6AI score0.00103EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/04/05 12:0 a.m.1 views

PT-2026-30512

Name of the Vulnerable Software and Affected Versions Nor2-io heim-mcp versions up to 0.1.3 Description A flaw exists in the registerTools function within the src/tools.ts file of the new heim application/deploy heim application/deploy heim application to cloud component. This can lead to operati...

5.3CVSS5.9AI score0.00103EPSS
Exploits0References12
Rows per page
Query Builder