20 matches found

CNNVD
added 2026/02/18 12:0 a.m. | 8 views

FlowChief ScadaApp Security Vulnerability

FlowChief ScadaApp is an industrial-grade mobile application developed by the German company FlowChief. Version 1.1.4.0 of FlowChief ScadaApp contains a security vulnerability. This vulnerability allows attackers to cause the application to crash by entering an excessively long buffer value in th...

CVSS 7.5 | AI score 5.9 | EPSS 0.00239
Exploits 0 | References 3
Vulnrichment
added 2026/02/11 2:56 p.m. | 4 views

CVE-2019-25311 thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password,...

CVSS 6.4 | AI score 5.5 | EPSS 0.00204
Exploits 1 | References 3
CVE
added 2026/02/11 2:56 p.m. | 11 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

CVSS 6.4 | AI score 5.5 | EPSS 0.00204
Exploits 1 | References 3 | Affected Software 1
OpenVAS
added 2025/11/20 12:0 a.m. | 4 views

RaidenFTPD Server <= 2.4.4005 Buffer Overflow Vulnerability

RaidenFTPD v.2.4 build 4005 allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS 7.8 | AI score 7.5 | EPSS 0.00433
Exploits 2 | References 2
RedhatCVE
added 2025/10/29 10:14 p.m. | 7 views

CVE-2025-62801

FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...

CVSS 7.8 | AI score 7.4 | EPSS 0.00206
Exploits 1 | References 1
EUVD
added 2025/10/29 3:39 p.m. | 4 views

EUVD-2025-36567

FastMCP vulnerable to Windows command injection in FastMCP Cursor installer via server_name...

CVSS 5.4 | AI score 7 | EPSS 0.00206
Exploits 1 | References 2
Snyk
added 2025/10/28 10:41 p.m. | 3 views

Command Injection

Overview: fastmcp is the fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Command Injection via the server_name field. An attacker can execute arbitrary OS commands by supplying crafted input to this field during the installation process on...

CVSS 7.8 | AI score 7.9 | EPSS 0.00206
Exploits 1 | References 2
NVD
added 2025/10/28 10:15 p.m. | 4 views

CVE-2025-62801

FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...

CVSS 7.8 | EPSS 0.00206
Exploits 1 | References 1
Vulnrichment
added 2025/10/28 9:36 p.m. | 2 views

CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name

FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...

CVSS 5.4 | AI score 7 | EPSS 0.00206
Exploits 1 | References 1
CNNVD
added 2025/10/28 12:0 a.m. | 3 views

FastMCP Operating System Command Injection Vulnerability

FastMCP is an MCP server builder from the individual developer Jeremiah Lowin. An operating system command injection vulnerability exists in FastMCP versions prior to 2.13.0; it stems from the server_name field being susceptible to a command injection attack that could result in the executio...

CVSS 7.8 | AI score 7.5 | EPSS 0.00206
Exploits 1 | References 2
Positive Technologies
added 2024/09/19 12:0 a.m. | 4 views

PT-2024-31788

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.28.7; Envoy versions prior to 1.29.9; Envoy versions prior to 1.30.6; Envoy versions prior to 1.31.2. Description: A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content...

CVSS 6.5 | AI score 6.5 | EPSS 0.00353
Exploits 0 | References 11
CNNVD
added 2024/04/26 12:0 a.m. | 2 views

Tenda AX1803 Security Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. The Tenda AX1803 version 1.0.0.1 suffers from a buffer overflow vulnerability that originates from the parameter serverName/ddnsUser/ddnsPwd/ddnsDomain failing to correctly validate the length and size of the input data, which can...

CVSS 9 | AI score 8.3 | EPSS 0.14879
Exploits 0 | References 5
ATTACKERKB
added 2023/09/11 7:15 p.m. | 3 views

CVE-2023-39063

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard...

CVSS 7.8 | AI score 7.5 | EPSS 0.00433
Exploits 2 | References 2
OSV
added 2023/09/11 7:15 p.m. | 4 views

CVE-2023-39063

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard...

CVSS 7.8 | AI score 6.1 | EPSS 0.00433
Exploits 2 | References 1
CNNVD
added 2023/09/11 12:0 a.m. | 4 views

RaidenFTPD Security Vulnerability

RaidenFTPD is an easy-to-use FTP daemon for Windows. A security vulnerability exists in RaidenFTPD version 2.4.4005, which stems from a buffer overflow vulnerability. The vulnerability can be exploited to execute arbitrary code via the Server name field of the step-by-step setup wizard...

CVSS 7.8 | AI score 8.1 | EPSS 0.00433
Exploits 2 | References 2
Vulnrichment
added 2023/09/11 12:0 a.m. | 19 views

CVE-2023-39063

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard...

AI score 7.6 | EPSS 0.00433
Exploits 2 | References 1
Cvelist
added 2023/09/11 12:0 a.m. | 26 views

CVE-2023-39063

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard...

AI score 8 | EPSS 0.00433
Exploits 2 | References 1
OSV
added 2021/06/25 11:15 a.m. | 7 views

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

CVSS 5.4 | AI score 5.8 | EPSS 0.00945
Exploits 4 | References 3
CNVD
added 2017/09/08 12:0 a.m. | 4 views

Wibu-Systems CodeMeter Cross-Site Scripting Vulnerability

Wibu-Systems CodeMeter is a suite of anti-piracy protection products from Wibu-Systems for software protection against piracy and unsecured software. The product uses encryption technology and a small USB hardware device, CmStick, which has a built-in SmartCard chip with 128KB of secure memory fo...

CVSS 5.4 | AI score 5.4 | EPSS 0.03877
Exploits 7 | References 1
OSV
added 2017/09/07 1:29 p.m. | 3 views

CVE-2017-13754

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html...

CVSS 5.4 | AI score 5.9 | EPSS 0.03877
Exploits 7 | References 7