12 matches found
EUVD-2025-21393
Malicious code in bioql PyPI...
EUVD-2025-21894
Malicious code in bioql PyPI...
EUVD-2025-16320
Malicious code in bioql PyPI...
CVE-2025-53100 RestDB's Codehooks.io MCP Server Vulnerable to Command Injection
RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated...
CVE-2025-53100 RestDB's Codehooks.io MCP Server Vulnerable to Command Injection
RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated...
CVE-2025-52573
CVE-2025-52573 affects the iOS Simulator MCP Server (ios-simulator-mcp). The vulnerability arises in the MCP Server’s tool definitions (notably the ui_tap tool) which rely on Node.js child process API exec. When untrusted input is used for parameters such as duration, udid, x, and y, shell meta-c...
GHSA-22V8-P7H2-RJ7P Markdownify MCP Server allows attackers to read arbitrary files
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
Markdownify MCP Server allows attackers to read arbitrary files
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5277
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system...
CVE-2025-5277
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system...
PT-2025-23083
Name of the Vulnerable Software and Affected Versions: aws-mcp-server (affected versions not specified). Description: The issue is related to command injection. An attacker can craft a prompt that, once accessed by the MCP client, will run arbitrary commands on the host system. Recommendations: At t...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...