Lucene search
+L

173 matches found

OSV
OSV
added 2026/04/05 10:30 p.m.6 views

CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

4.8CVSS5.5AI score0.00812EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/05 10:15 p.m.1 views

CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...

5.3CVSS5.7AI score0.00812EPSS
Exploits0References8
CVE
CVE
added 2026/04/05 10:15 p.m.13 views

CVE-2026-5602

Nor2-io heim-mcp up to 0.1.3 is affected in new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud, specifically the registerTools function in src/tools.ts, which enables OS command injection due to the underlying root cause described in the CVE. The vulnerability requires ...

5.3CVSS5.7AI score0.00812EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.4 views

PT-2026-30513

Name of the Vulnerable Software and Affected Versions elgentos magento2-dev-mcp versions up to 1.0.2 Description A flaw exists in elgentos magento2-dev-mcp up to version 1.0.2 due to a command injection issue within the executeMagerun2Command function located in the src/index.ts file. This...

5.3CVSS5.9AI score0.00812EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/03/31 5:1 p.m.3 views

CVE-2026-5125

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function childprocess.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in os command injection. The attack is only possible with local...

5.3CVSS5.6AI score0.0083EPSS
Exploits0References1
CVE
CVE
added 2026/03/30 5:0 p.m.11 views

CVE-2026-5125

The vulnerability CVE-2026-5125 affects raine consult-llm-mcp up to 2.5.3, specifically the function child_process.execSync in src/server.ts. Manipulating git_diff.base_ref/git_diff.files can lead to OS command injection with local access. A public exploit exists and upgrading to 2.5.4 (patch 4ab...

5.3CVSS5.8AI score0.0083EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/30 5:0 a.m.5 views

CVE-2026-5023

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS5.3AI score0.00647EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-29087

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child process.execSync of the file src/server.ts. The manipulation of the argument git diff.base ref/git diff.files results in os command injection. The attack is only possible with...

5.3CVSS5.8AI score0.0083EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.4 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/29 4:30 a.m.7 views

EUVD-2026-16966

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References6
NVD
NVD
added 2026/03/29 2:16 a.m.9 views

CVE-2026-5023

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS0.00647EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/29 2:0 a.m.40 views

CVE-2026-5023 DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

5.3CVSS0.00647EPSS
Exploits0References5
NVD
NVD
added 2026/03/28 7:16 p.m.5 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS0.00647EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/28 6:30 p.m.3 views

CVE-2026-5007

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.5AI score0.00647EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 6:30 p.m.2 views

CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.7AI score0.00647EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.5 views

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

5.3CVSS5.6AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.1AI score0.00571EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.10 views

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

8.5CVSS6.3AI score
Exploits0References4
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.14 views

CVE-2026-32907

OpenClaw is affected by CVE-2026-32907 in versions prior to 2026.2.19. A local command-injection flaw exists in Windows scheduled task script generation, allowing an attacker who can influence service script generation values to inject unescaped cmd metacharacters into gateway.cmd arguments and a...

6.3AI score
Exploits0
Rows per page
Query Builder