Arbitrary Command Injection
Overview: mcp-server-rijksmuseum is a ... Affected versions of this package are vulnerable to Arbitrary Command Injection via the open_image_in_browser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation: There is no fixed versi...
CVE-2026-7653
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in OS command injection. The attack is possible to be...
CVE-2026-7653
Affected product: r-huijts mcp-server-rijksmuseum (MCP Interface) up to 1.0.4. Vulnerable component/function: open_image_in_browser in src/index.ts. Vulnerability: Performing a manipulation of the argument imageUrl results in an OS command injection. The attack can be carried out remotely (net...
CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in OS command injection. The attack is possible to be...
PT-2026-36628
Name of the Vulnerable Software and Affected Versions: r-huijts mcp-server-rijksmuseum versions prior to 1.0.5. Description: A flaw in the MCP Interface component allows remote OS command injection. The issue exists within the open_image_in_browser function located in the src/index.ts file, where...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-61488
CVE-2025-61488 affects SLiMS (Senayan Library Management System) 9 Bulian v.9.6.1. The Red Hat and other sources describe a vulnerability in scrap_image.php via the imageURL parameter that could allow a remote attacker to execute arbitrary code. The CVSS-like metrics indicate network access, high...
SLiMS 9 Bulian Security Vulnerability
SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which stems from...
EUVD-2023-58549
Malicious code in bioql PyPI...
CVE-2023-3744
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
CVE-2023-30019
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...
CVE-2023-6307
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploi...
CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...
PT-2023-32607 · Unknown · Jeecgboot Jimureport
Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 1.6.1 Description: A critical vulnerability was found in jeecgboot JimuReport, affecting an unknown functionality of the file /download/image. The manipulation of the imageUrl argument leads to relative pat...
JeecgBoot JimuReport Security Vulnerability
JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot JimuReport version 1.6.1 and prior versions, which stems from an incorrect manipulation of the parameter imageUrl that can lead to relative path traversal...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...
CVE-2023-3744 Server-Side Request Forgery in SLiMS
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrapeimage.php" file in the imageURL parameter...