Lucene search
K

4 matches found

NVD
NVD
added 2025/11/18 4:15 p.m.7 views

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS0.00796EPSS
Exploits1References1
OSV
OSV
added 2025/11/18 4:15 p.m.5 views

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS6.1AI score0.00796EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.7 views

PT-2025-47331

Name of the Vulnerable Software and Affected Versions MCP Data Science Server version 0.1.6 Description A command injection issue exists in the safe eval function src/mcp server ds/server.py:108 of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...

6.5CVSS7.9AI score0.00796EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2016/06/17 12:0 a.m.7 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the ToV8Value function content/child/v8valueconverterimpl.cc in Google Chrome’s V8 browser kernel is related to the lack of restrictions on the use of built-in functions. Exploiting this vulnerability can allow a malicious actor to cause service failures the use of resources...

6.8CVSS7.6AI score0.01322EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder