6 matches found
Arbitrary Argument Injection
Overview: @aiondadotcom/mcp-ssh is an MCP agent for managing SSH hosts, a Model Context Protocol server for SSH operations. Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the hostAlias, command, localPath, or remotePath arguments. An attack...
Use of Less Trusted Source
Overview: Affected versions of this package are vulnerable to Use of Less Trusted Source that can circumvent the trusted dependencies list. An attacker can cause unintended dependencies to be loaded by including malicious file:, link:, git:, or github: URLs to import packages whose names also exis...
PT-2025-47405
Name of the Vulnerable Software and Affected Versions: joserfc versions 1.3.3 through 1.3.4; joserfc versions 1.4.0 through 1.4.1 Description: The joserfc library has an issue where excessively large JWT (JSON Web Token) payloads can be logged, potentially leading to resource exhaustion. Specifically,...
Information disclosure
A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able t...
PT-2023-10804 · Zenoss · Zenoss Dashboard
Name of the Vulnerable Software and Affected Versions: Zenoss Dashboard versions up to 1.3.4 Description: A vulnerability was found in an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the HTMLString argument leads to...
PT-2007-5165 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Rule Set Based Access Control (RSBAC) versions prior to 1.3.5 Description: The issue allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...