Lucene search
K

31 matches found

Vulnrichment
Vulnrichment
added 2026/05/25 3:0 p.m.9 views

CVE-2026-9468 dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...

6.5CVSS6.2AI score0.00337EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/12 2:29 a.m.94 views

esql-injection-poc

ES|QL Source-Index Injection — Remote Exploitation PoC Targ...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/07 3:38 p.m.9 views

EUVD-2025-209722

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.15 views

node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:8 a.m.12 views

OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 12:8 a.m.6 views

GHSA-22VX-2X23-98W6 OpenSearch vulnerable to improper authorization for Rollover Requests

Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

2.2CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38438

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.8 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 a.m.38 views

CVE-2026-7730

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function childprocess.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...

6.5CVSS0.01089EPSS
Exploits0References6
NVD
NVD
added 2026/05/01 7:16 p.m.7 views

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

6.5CVSS0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36536

Name of the Vulnerable Software and Affected Versions astro-mcp-server versions prior to 1.1.2 Description A flaw in the MCP Tool Query Construction component, specifically within a function in the src/index.ts file, allows for remote SQL injection. This occurs when the request.params.arguments...

6.5CVSS6.8AI score0.00196EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

MCP Server Semgrep 命令注入漏洞

MCP Server Semgrep is an AI assistant tool for integrated static code analysis, open-sourced by VetCoders. Version 1.0.0 of MCP Server Semgrep contains a command injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...

7.5CVSS7.2AI score0.01394EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

DNStwist MCP Server 命令注入漏洞

DNStwist MCP Server is a domain name security detection tool developed by Burt personally. Versions of DNStwist MCP Server 1.0.4 and earlier contained a command injection vulnerability. This vulnerability stemmed from the fuzzdomain function in the src/index.ts file, where the Request operation o...

7.5CVSS7.1AI score0.01378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.4 views

CVE-2026-7039

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS5.1AI score0.00653EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/26 12:30 p.m.7 views

CVE-2026-7039 tufantunc ssh-mcp index.ts shell.write command injection

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS7AI score0.00653EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/26 12:30 p.m.39 views

CVE-2026-7039 tufantunc ssh-mcp index.ts shell.write command injection

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS0.00653EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.3 views

PT-2026-30513

Name of the Vulnerable Software and Affected Versions elgentos magento2-dev-mcp versions up to 1.0.2 Description A flaw exists in elgentos magento2-dev-mcp up to version 1.0.2 due to a command injection issue within the executeMagerun2Command function located in the src/index.ts file. This...

5.3CVSS5.9AI score0.00812EPSS
Exploits0References14
NVD
NVD
added 2026/04/02 12:16 p.m.5 views

CVE-2026-5327

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.0111EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.8 views

CVE-2026-4192

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5CVSS6.1AI score0.01301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 12:2 a.m.2 views

CVE-2026-4199 bazinga012 mcp_code_executor index.ts installDependencies command injection

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3CVSS5.7AI score0.00636EPSS
Exploits0References7
Rows per page
Query Builder