CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-52573 affects the iOS Simulator MCP Server (ios-simulator-mcp). The vulnerability arises in the MCP Server’s tool definitions (notably the ui_tap tool) which rely on Node.js child process API exec. When untrusted input is used for parameters such as duration, udid, x, and y, shell meta-c...

6CVSS7.6AI score0.00017EPSS

Exploits0References4

OSV•added 2025/06/26 2:8 p.m.•2 views

CVE-2025-52573 Command Injection in MCP Server ios-simulator-mcp

iOS Simulator MCP Server ios-simulator-mcp is a Model Context Protocol MCP server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. T...

6CVSS7.3AI score0.00017EPSS

Exploits0References6

NVD•added 2023/10/10 3:15 p.m.•13 views

CVE-2023-30805

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

9.8CVSS10AI score0.14849EPSS

Exploits1References3

F5 Networks•added 2023/02/21 8:2 p.m.•30 views

K16945: Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844

Security Advisory Description CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled...

7.8CVSS7.9AI score0.02879EPSS

Exploits1Affected Software17

RedHat Linux•added 2022/08/03 12:50 p.m.•2 views

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The crehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

10CVSS7.1AI score0.38894EPSS

Exploits5References5

Debian•added 2022/06/26 6:26 p.m.•136 views

[SECURITY] [DSA 5169-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5169-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2022 https://www.debian.org/security/faq -...

10CVSS9.9AI score0.20216EPSS

Exploits6

RedhatCVE•added 2022/05/03 10:18 p.m.•282 views

CVE-2022-1292

10CVSS2.3AI score0.38894EPSS

Exploits5References4

CNVD•added 2022/03/29 12:0 a.m.•12 views

NETGEAR R8500 Command Injection Vulnerability

The NETGEAR R8500 is a wireless router from the American company Netgear. A security vulnerability exists in the NETGEAR R8500, which can be exploited by an attacker to execute arbitrary commands e.g. telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters of...

9CVSS7.7AI score0.04995EPSS

Exploits1References1

CNVD•added 2021/11/05 12:0 a.m.•15 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2021-85889)

D-Link DIR-823G is an AC1200M dual-band gigabit wireless router.A command injection vulnerability exists in the HNAP1 protocol in D-Link DIR-823G version 1.0.2B05. An attacker can execute arbitrary Web scripts using shell meta characters in the Captcha field of the login section...

9.8CVSS4.4AI score0.23952EPSS

Exploits1References1

OSV•added 2021/04/12 7:50 p.m.•22 views

GHSA-6QPR-9MC5-7GCH Command Injection in async-git