Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.9 views

Malicious code in @postman/postman-mcp-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b1da432f0b6ecaccc97520bb9697e6dbf44b04415bd15e6ac9864c86f3b37e The package @postman/postman-mcp-cli was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 4:31 p.m.3 views

EUVD-2025-198917

Malicious code in @postman/postman-mcp-cli npm...

6.6AI score
Exploits0
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-25438

Malicious code in bioql PyPI...

8.1CVSS5.7AI score0.05236EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2025/08/21 12:30 a.m.12 views

card-ocr-fastmcp (=1.0.0) potentially affected by CVE-2025-9262 via @wong2/mcp-cli (=1.13.0)

@wong2/mcp-cli NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on @wong2/mcp-cli and may be impacted: - card-ocr-fastmcp =1.0.0 Source cves: CVE-2025-9262 Source advisory: OSV:GHSA-P6RM-483J-37JF...

8.1CVSS6.1AI score0.05236EPSS
Exploits1
NVD
NVD
added 2025/08/20 11:15 p.m.15 views

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

8.1CVSS0.05236EPSS
Exploits1References5
OSV
OSV
added 2025/08/20 11:15 p.m.5 views

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

8.1CVSS5.3AI score0.05236EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

mcp-cli 安全漏洞

mcp-cli is a model context protocol checker for Wong2 Personal Developer. A security vulnerability exists in mcp-cli version 1.13.0, which stems from an incorrect operation of the function redirectToAuthorization in the file /src/oauth/provider.js resulting in os command injection...

8.1CVSS7.1AI score0.05236EPSS
Exploits1References5
Rows per page
Query Builder