CVE-2026-42282 n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the...

Wish 路径遍历漏洞

Wish is a server tool developed by Charm for simplifying SSH application development. Versions of Wish prior to 2.0.0 and 2.0.1 contained a path traversal vulnerability. This vulnerability stemmed from the SCP middleware not properly verifying file names, which could lead to path traversal attack...

MAL-2026-2840 Malicious code in sher-server-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e83ee8187475c07ed6ea406a698e3f9d3c55efec8e689ba0c110a6ee2ce1012b Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

Malicious code in sher-server-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e83ee8187475c07ed6ea406a698e3f9d3c55efec8e689ba0c110a6ee2ce1012b Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

CVE-2026-3959

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

CVE-2026-3959

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

CVE-2026-3959

The CVE concerns 0xKoda WireMCP (up to commit 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e). Affected is the function server.tool in index.js of Tshark CLI Command Handler, where input manipulation leads to OS command injection. Attack requires local access; public exploit exists. Product uses a roll...

CVE-2026-3959 0xKoda WireMCP Tshark CLI index.js server.tool os command injection

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

CVE-2026-3959 0xKoda WireMCP Tshark CLI index.js server.tool os command injection

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

CVE-2026-3959

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The explo...

WireMCP 操作系统命令注入漏洞

WireMCP is a real-time network traffic analysis tool developed by Koda’s individual developers. WireMCP has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the server.tool function in the Tshark CLI Command Handler component,...

CVE-2025-59834

CVE-2025-59834 affects the adb-mcp MCP Server. The vulnerability stems from constructing shell commands by concatenating untrusted input (notably the device parameter) in executeAdbCommand, enabling remote command injection via the MCP Server tool definitions (e.g., inspect_ui). The issue impacts...

CVE-2025-53818

GitHub Kanban MCP Server is a Model Context Protocol MCP server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...

Intel SDP Tool 代码问题漏洞

Intel SDP Tool is a server debugging and configuration tool from Intel Corporation USA. A code issue vulnerability exists in Intel SDP Tool that stems from an uncontrolled search path. An attacker can exploit the vulnerability to elevate privileges...

MyLittleTools MyLittleBackup 代码问题漏洞

MyLittleTools MyLittleBackup is a SQL Server management tool from MyLittleTools France. Manage SQL Server databases in a web hosted environment. A code issue vulnerability exists in MyLittleBackup, which allows remote attackers to exploit the vulnerability to execute arbitrary code because the...

[SECURITY] Fedora 30 Update: bind-9.11.8-1.fc30

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Web Security Dog (Apache Edition) V4.0 suffers from SQL Injection Vulnerability

Website Security Dog Apache Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features. Web Security Dog Apache Edition V4.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to...

CVE-2001-0048

CVE-2001-0048 affects Microsoft Windows 2000 domain controllers; the Configure Your Server tool installs a blank Directory Service Restore Mode password. This allows attackers with physical access to the controller to install malicious software. Root cause is a blank DS Restore Mode password crea...