4 matches found
Upsonic: remote code execution vulnerability in its MCP server/task creation functionality
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable...
EUVD-2026-22945
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable...
MAL-2025-2339 Malicious code in malwaretesting (npm)
Source: ossf-package-analysis (08fe9939d1c2c8ae0ac8bf48c1a2f4e5fc02623d8012c4c6bbbb308f4d6f4200) The OpenSSF Package Analysis project identified 'malwaretesting' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
Remote Code Execution (RCE)
NodeBB is vulnerable to remote code execution attacks. If a malicious user is able to force an admin to run special JavaScript code, it is possible to remotely execute code during the installation or updating of plugins. This occurs because the npm commands executed are not sanitized...