10 matches found
Incomplete List of Disallowed Inputs
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary commands on the target system by crafting...
Permissive List of Allowed Inputs
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the unsafeglobals function that does not block pkgutil.resolvename Python stdlib function. An attacker can...
Incomplete List of Disallowed Inputs
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary code by crafting a malicious pickle that...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...
CVE-2025-9654
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...
CVE-2025-9654
CVE-2025-9654 affects the AiondaDotCom mcp-ssh package (up to 1.0.3) with a vulnerability in the file server-simple.mjs that allows remote command injection via manipulated input. The root cause is improper handling in the server-simple.mjs path that enables execution of system commands through u...
Command Injection
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via an overly...
Server-Side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism. PoC 1 Define an app.js file with the programmatic API of nossrf as...
CVE-2015-10013 WebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomyswitcherinit of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack...