8 matches found
Malicious code in @postman/postman-mcp-cli (npm)
Source: amazon-inspector 10b1da432f0b6ecaccc97520bb9697e6dbf44b04415bd15e6ac9864c86f3b37e The package @postman/postman-mcp-cli was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198917
Malicious code in @postman/postman-mcp-cli npm...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-25438
Malicious code in bioql PyPI...
card-ocr-fastmcp (=1.0.0) potentially affected by CVE-2025-9262 via @wong2/mcp-cli (=1.13.0)
@wong2/mcp-cli npm version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on @wong2/mcp-cli and may be impacted: card-ocr-fastmcp =1.0.0. Source CVEs: CVE-2025-9262. Source advisory: OSV:GHSA-P6RM-483J-37JF...
CVE-2025-9262
A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component OAuth Handler. This manipulation causes OS command injection. The attack may be initiated remotely. The attack is considered to have high complexity...
CVE-2025-9262
A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component OAuth Handler. This manipulation causes OS command injection. The attack may be initiated remotely. The attack is considered to have high complexity...
mcp-cli security vulnerability
mcp-cli is a Model Context Protocol checker by the individual developer wong2. A security vulnerability exists in mcp-cli version 1.13.0, which stems from incorrect handling in the function redirectToAuthorization in the file /src/oauth/provider.js, resulting in OS command injection...