Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/12/09 8:26 p.m.3 views

CVE-2025-14204

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS6.9AI score0.01155EPSS
Exploits0References1
NVD
NVD
added 2025/12/07 11:15 p.m.6 views

CVE-2025-14204

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS0.01155EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/07 11:2 p.m.20 views

CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS0.01155EPSS
Exploits0References4
CVE
CVE
added 2025/12/07 11:2 p.m.8 views

CVE-2025-14204

Summary of CVE-2025-14204 : TykoDev cherry-studio-TykoFork 0.1 is affected by an OS command injection in the OAuth Server Discovery flow. The vulnerability resides in the function redirectToAuthorization of the file /.well-known/oauth-authorization-server, where improper handling of the authoriza...

6.5CVSS6.8AI score0.01155EPSS
Exploits0References4
NVD
NVD
added 2025/09/17 9:15 p.m.4 views

CVE-2025-10619

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

6.5CVSS0.01628EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/17 9:2 p.m.2 views

CVE-2025-10619 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

6.5CVSS6.4AI score0.01628EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.4 views

Sequa MCP 操作系统命令注入漏洞

Sequa MCP is an open source MCP protocol entry point for sequa.ai. Sequa MCP 1.0.13 and earlier versions have an operating system command injection vulnerability that originates from the redirectToAuthorization function in the src/helpers/node-oauth-client-provider.ts file in the OAuth Server...

6.5CVSS6.8AI score0.01628EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.7 views

PT-2025-38278

Name of the Vulnerable Software and Affected Versions: sequa-ai sequa-mcp versions prior to 1.0.14 Description: A vulnerability exists in the redirectToAuthorization function within the OAuth Server Discovery component, specifically in the file src/helpers/node-oauth-client-provider.ts...

6.5CVSS6.5AI score0.01628EPSS
Exploits0References11
Rows per page
Query Builder