9 matches found
EUVD-2025-28661
Malicious code in bioql PyPI...
CVE-2025-58062
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
CVE-2025-58062
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow
LSTM-Kirigaya's openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...
CVE-2025-58062
CVE-2025-58062 affects LSTM-Kirigaya’s openmcp-client (VSCode plugin for MCP developers) prior to version 0.1.12. On Windows, if a user connects to an attacker-controlled MCP server, an attacker can provision a malicious authorization server endpoint that enables an OS command injection in the op...
openmcp-client OS command injection vulnerability
openmcp-client is a versatile VS Code plugin from the individual developer Kirigaya Kazuto. An OS command injection vulnerability exists in openmcp-client versions prior to 0.1.12, which stems from the fact that connecting to a malicious MCP server on a Windows platform may result in OS command...
PT-2025-35147
Name of the Vulnerable Software and Affected Versions: openmcp-client versions prior to 0.1.12
Description: openmcp-client, a VS Code plugin for MCP developers, contains a flaw where a malicious authorization server endpoint can be provisioned by an attacker when a user on a Windows platform...