10 matches found

Snyk
added 2026/03/03 8:5 p.m. | 4 views

Incomplete List of Disallowed Inputs

Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary commands on the target system by crafting...

10 CVSS | 6 AI score
Exploits: 0 | References: 2
Snyk
added 2026/03/03 8:4 p.m. | 1 view

Permissive List of Allowed Inputs

Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the unsafeglobals function, which does not block the pkgutil.resolve_name Python stdlib function. An attacker can...

10 CVSS | 6.1 AI score
Exploits: 0 | References: 2
Snyk
added 2026/03/03 8:3 p.m. | 16 views

Incomplete List of Disallowed Inputs

Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary code by crafting a malicious pickle that...

10 CVSS | 6.4 AI score
Exploits: 0 | References: 2
Snyk
added 2025/12/12 8:15 p.m. | 3 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...

8.7 CVSS | 6.8 AI score
Exploits: 0 | References: 2
Snyk
added 2025/12/12 8:15 p.m. | 2 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...

8.7 CVSS | 6.8 AI score
Exploits: 0 | References: 2
NVD
added 2025/08/29 3:15 p.m. | 6 views

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

6.5 CVSS | 0.01349 EPSS
Exploits: 0 | References: 5
CVE
added 2025/08/29 3:2 p.m. | 15 views

CVE-2025-9654

CVE-2025-9654 affects the AiondaDotCom mcp-ssh package (up to 1.0.3) with a vulnerability in the file server-simple.mjs that allows remote command injection via manipulated input. The root cause is improper handling in the server-simple.mjs path that enables execution of system commands through u...

6.5 CVSS | 6.8 AI score | 0.01349 EPSS
Exploits: 0 | References: 5
Snyk
added 2025/08/18 6:46 p.m. | 2 views

Command Injection

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via an overly...

7.1 CVSS | 7.2 AI score | 0.00431 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/03/23 10:10 a.m. | 1 view

Server-Side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism. PoC: 1. Define an app.js file with the programmatic API of nossrf as...

9.1 CVSS | 6.7 AI score | 0.00365 EPSS
Exploits: 1 | References: 2
Cvelist
added 2023/01/05 9:52 a.m. | 30 views

CVE-2015-10013 WebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack...

4 CVSS | 6 AI score | 0.00638 EPSS
Exploits: 0 | References: 4