18 matches found
EUVD-2026-26884
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7730 privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7730
CVE-2026-7730 affects privsim mcp-test-runner 0.2.0. The vulnerability is in the MCP Interface’s src/index.ts where the function child_process.spawn mishandles the argument command, enabling an os command injection. Impact may be remote; exploit publicly available. Documents do not provide remedi...
CVE-2026-7730
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit...
Test Runner MCP Command Injection Vulnerability
Test Runner MCP is a multi-framework testing and result-analysis tool for PrivSim individual developers. Version 0.2.0 of Test Runner MCP contains a command injection vulnerability. This vulnerability stems from the use of the child_process.spawn function in the MCP Interface component, which allo...
Unsafe Deserialization in PHPT Code Coverage Handling
Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...
CVE-2025-9403
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function runjqtests of the file jqtest.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Othe...
Security update for python312
This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixe...
Malicious code in dapp-test-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 223b529f6331e7956b2e49069f8446746e4a8b25ebee059c4de01f152bbd5cc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10851 Malicious code in dapp-test-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 223b529f6331e7956b2e49069f8446746e4a8b25ebee059c4de01f152bbd5cc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2024:2574-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 - CVE-2024-22018: Fixed fs.lstat bypasses permission model bsc1227562 -...
Malicious code in com.unity.test-runner-manual-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560 The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 npm as malicious. It is considered malicious becaus...
MAL-2023-1140 Malicious code in com.unity.test-runner-manual-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560 The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 npm as malicious. It is considered malicious becaus...
Node v18.13.0 (LTS)
Node v18.13.0 LTS By Danielle Adams, Jan 06, 2023 Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing...
camp (=15.2.23), directdetect (>=1.0.0 <=1.2.0) +3 more potentially affected by unknown CVE via localeval (>=13.12.11 <=15.2.3)
localeval NPM version =13.12.11, =1.0.0, =1.0.0, =1.0.1 - mocha-test-runner =0.4.3 Source cves: unknown CVE Source advisory: OSV:GHSA-MMQV-M45H-Q2HP...
Command Injection
Overview karma-mojo is a plugin for Karma that provides a binary for running only a select subset of tests at a time instead of running the whole test suite. Affected versions of this package are vulnerable to Command Injection. The argument config can be controlled by users without any...
CVE-2019-15102
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunnerNondistributed and distributed endpoints do not have any authentication mechanism. This allows an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface intende...